Inbound TLS enforcement means that the ESS infrastructure always uses TLS to secure SMTP connections to your domain's inbound mail servers. Before enabling this feature, verify that the inbound mail server is correctly TLS-enabled by running the TLS connectivity Test.
To enable inbound TLS enforcement:
Check the option "Always enforce TLS inbound from the Email Security Services infrastructure to my domain".
Important clarifications about this feature
Run the TLS connectivity Test by navigating to Services > Encryption > TLS Enforcements, and then selecting the specific domain you wish to test inbound TLS delivery for. Under TLS inbound mail server test, click Test.
Email is not delivered when your inbound mail server does not support TLS, or when ESS fails to authenticate the certificate that your recipient mail server presents when the domain uses Strong Validation. Undelivered mail is placed in a retry queue. If the email delivery fails after the standard retry period has ended, the email is bounced back to the third party.
ESS will not accept emails that third parties send in plain text (no TLS) to customer domains that have Inbound TLS enforcement enabled between ESS and the customer's domains. This is because an email received into ESS in plain text cannot be upgraded to TLS for delivery to the customer.
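A local pre-check for the two delivery-failure conditions described above (no TLS support on the inbound mail server, or a certificate that fails validation), as an added example that is not part of ESS or of this article. The function name and status labels are hypothetical, and Python's default trust store and hostname check are an assumption standing in for Strong Validation, whose exact rules this page does not describe.

```python
import smtplib
import ssl


def check_inbound_tls(host, port=25, timeout=10.0, helo_name="localhost"):
    """Probe an inbound SMTP server the way a TLS-enforcing sender would.

    Returns (status, detail) where status is one of:
      'ok'                 STARTTLS offered and the certificate validated
      'no_starttls'        server does not advertise STARTTLS
      'cert_invalid'       handshake reached, certificate failed validation
      'smtp_or_tls_error'  protocol or handshake error other than the above
      'unreachable'        could not connect or no SMTP greeting
    """
    # Assumption: chain + hostname verification against the local trust
    # store approximates what a strictly validating sender requires.
    context = ssl.create_default_context()
    try:
        smtp = smtplib.SMTP(host, port, local_hostname=helo_name,
                            timeout=timeout)
    except (OSError, smtplib.SMTPException) as exc:
        return "unreachable", str(exc)
    try:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return "no_starttls", "STARTTLS not in EHLO response"
        # Raises SSLCertVerificationError on an untrusted chain, an expired
        # certificate, or a name that does not match `host`.
        smtp.starttls(context=context)
        smtp.ehlo()  # capabilities must be re-read inside the TLS session
        return "ok", f"{smtp.sock.version()} {smtp.sock.cipher()[0]}"
    except ssl.SSLCertVerificationError as exc:
        return "cert_invalid", exc.verify_message
    except (ssl.SSLError, OSError, smtplib.SMTPException) as exc:
        return "smtp_or_tls_error", str(exc)
    finally:
        smtp.close()  # plain close: QUIT may fail after a broken handshake


if __name__ == "__main__":
    import sys
    # Usage: python check_inbound_tls.py <inbound mail server host name>
    print(check_inbound_tls(sys.argv[1]))
```

Run it against the host name that mail for your domain is delivered to, since that is the name the certificate is checked against. The TLS connectivity Test in the portal remains the check that reflects what ESS itself sees.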