Encrypting Email Transmissions

We consider email privacy a right, not a privilege. TLS is available for all email customers' inbound and outbound communications.

Transport Layer Security (TLS) is a protocol that encrypts mail while it is being delivered. TLS connections are available for both inbound and outbound email traffic, but in some cases you'll need to enable TLS on a per-domain basis in your account.


DuoCircle supports TLS on incoming mail. We use a self-signed certificate, which does not interfere with encryption. You can validate these settings at CheckTLS.com:





Trying TLS on mx1.mailhop.org[54.186.60.165] (10):

seconds     test stage and result
[000.072]   Connected to server
[000.143]   <-- 220 inbound3.ore.mailhop.org ESMTP
[000.143]   We are allowed to connect
[000.143]   --> EHLO checktls.com
[000.239]   <-- 250-inbound3.ore.mailhop.org
                250-PIPELINING
                250-SIZE 52428800
                250-VRFY
                250-STARTTLS
                250-ENHANCEDSTATUSCODES
                250 8BITMIME
[000.239]   We can use this server
[000.239]   TLS is an option on this server
[000.240]   --> STARTTLS
[000.311]   <-- 220 2.0.0 Ready to start TLS
[000.311]   STARTTLS command works on this server
[000.467]   Cipher in use: ECDHE-RSA-AES256-GCM-SHA384
[000.467]   Connection converted to SSL
[000.484]   Certificate 1 of 2 in chain:
            subject= /O=Halon Security/CN=mail.duocircle.com/[email protected]/C=AU/ST=Some-State
            issuer= /O=Halon Security/CN=mail.duocircle.com/[email protected]/C=AU/ST=Some-State
[000.500]   Certificate 2 of 2 in chain:
            subject= /O=Halon Security/CN=mail.duocircle.com/[email protected]/C=AU/ST=Some-State
            issuer= /O=Halon Security/CN=mail.duocircle.com/[email protected]/C=AU/ST=Some-State
[000.500]   Cert NOT VALIDATED: self signed certificate
[000.500]   So email is encrypted but the domain is not verified
[000.500]   Cert Hostname DOES NOT VERIFY (mx1.mailhop.org != mail.duocircle.com)
[000.501]   So email is encrypted but the host is not verified
[000.501]   ~~> EHLO checktls.com
[000.573]   <~~ 250-inbound3.ore.mailhop.org
                250-PIPELINING
                250-SIZE 52428800
                250-VRFY
                250-ENHANCEDSTATUSCODES
                250 8BITMIME
[000.574]   TLS successfully started on this server
[000.574]   ~~> MAIL FROM:<[email protected]>
[000.645]   <~~ 250 2.1.0 Ok
[000.646]   Sender is OK
[000.646]   ~~> RCPT TO:<[email protected]>
[000.747]   <~~ 250 2.1.5 Ok
[000.748]   Recipient OK, E-mail address proofed
[000.748]   ~~> QUIT
[000.820]   <~~ 221 2.0.0 Bye


We use self-signed certificates because our mail servers respond to, and emulate, thousands of different names, and this is the most effective way for us to handle that configuration. It does not interfere with the encryption that protects the messages: as the test output above reports, the email is encrypted, but the domain and host are not verified.
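The difference the test output draws between "encrypted" and "verified", as an added example (not DuoCircle's or CheckTLS's code): it parses the result lines of such a transcript and shows how three sender-side TLS policies would treat this server, which goes one step beyond the text. The function names, the policy names and the wording of the passing certificate lines are assumptions.

```python
import re

# Constructed sample: result lines taken from the CheckTLS transcript above.
SAMPLE = """\
[000.239] <-- 250-inbound3.ore.mailhop.org
            250-STARTTLS
[000.311] <-- 220 2.0.0 Ready to start TLS
[000.467] Cipher in use: ECDHE-RSA-AES256-GCM-SHA384
[000.500] Cert NOT VALIDATED: self signed certificate
[000.500] Cert Hostname DOES NOT VERIFY (mx1.mailhop.org != mail.duocircle.com)
"""

def parse_transcript(text):
    """Pull the TLS facts a sending server cares about out of the log."""
    cipher = re.search(r"Cipher in use:\s*(\S+)", text)
    return {
        # STARTTLS must appear as an EHLO capability, not as the client command.
        "starttls_offered": bool(re.search(
            r"^\s*(?:\[[\d.]+\]\s*<--\s*)?250[- ]STARTTLS\s*$", text, re.M)),
        "cipher": cipher.group(1) if cipher else None,
        # Fail closed: require an explicit pass line. The passing wording is an
        # assumption; only the failing lines appear on this page.
        "cert_validated": bool(re.search(r"Cert VALIDATED", text)),
        "hostname_verified": bool(re.search(r"Cert Hostname VERIFIED", text)),
    }

def posture(facts):
    """Classify the session: plaintext, encrypted-only, or authenticated."""
    if facts["cipher"] is None:
        return "plaintext"
    if facts["cert_validated"] and facts["hostname_verified"]:
        return "encrypted+authenticated"
    return "encrypted-only"

def would_deliver(facts, policy):
    """Hypothetical sender policies; names are illustrative, not a real MTA's."""
    state = posture(facts)
    if policy == "opportunistic":      # use TLS when offered, else send anyway
        return True
    if policy == "require_tls":        # refuse plaintext, do not check the cert
        return state != "plaintext"
    if policy == "require_verified":   # refuse unless the host is authenticated
        return state == "encrypted+authenticated"
    raise ValueError(f"unknown policy: {policy}")

if __name__ == "__main__":
    facts = parse_transcript(SAMPLE)
    print(posture(facts), facts["cipher"])
    for p in ("opportunistic", "require_tls", "require_verified"):
        print(f"{p:17} -> {'deliver' if would_deliver(facts, p) else 'refuse'}")
```

For the transcript on this page the session is classified as encrypted-only, so a sender that insists on a verified certificate would not hand over mail, while opportunistic and encryption-only senders would.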


We support end-to-end TLS: Internet --> DuoCircle --> Your Mail Server


Enabling TLS on your account


Log in to your account, select the service, and under the Manage Product settings click TLS Mode. Our suggestion is to set it to enabled; however, for accounts created prior to January 2016 the setting is disabled by default. We suggest you update this to enhance your email privacy.


All other modules, including phishing protection, will continue to work seamlessly.