Encrypting Email Transmissions
Transport Layer Security (TLS), is a protocol that encrypts and delivers mail securely. TLS connections are available for both inbound and outbound email traffic but in some cases you'll need to enable TLS on a per domain basis in your account.
DuoCircle supports TLS on incoming mail, we use a self signed certificate that does not interfere with encryption - you can validate these settings at CheckTLS.com
Trying TLS on mx1.mailhop.org[54.186.60.165] (10):
seconds | test stage and result | |
---|---|---|
[000.072] | Connected to server | |
[000.143] | <-- | 220 inbound3.ore.mailhop.org ESMTP |
[000.143] | We are allowed to connect | |
[000.143] | --> | EHLO checktls.com |
[000.239] | <-- | 250-inbound3.ore.mailhop.org 250-PIPELINING 250-SIZE 52428800 250-VRFY 250-STARTTLS 250-ENHANCEDSTATUSCODES 250 8BITMIME |
[000.239] | We can use this server | |
[000.239] | TLS is an option on this server | |
[000.240] | --> | STARTTLS |
[000.311] | <-- | 220 2.0.0 Ready to start TLS |
[000.311] | STARTTLS command works on this server | |
[000.467] | Cipher in use: ECDHE-RSA-AES256-GCM-SHA384 | |
[000.467] | Connection converted to SSL | |
[000.484] | Certificate 1 of 2 in chain: subject= /O=Halon Security/CN=mail.duocircle.com/[email protected]/C=AU/ST=Some-State issuer= /O=Halon Security/CN=mail.duocircle.com/[email protected]/C=AU/ST=Some-State | |
[000.500] | Certificate 2 of 2 in chain: subject= /O=Halon Security/CN=mail.duocircle.com/[email protected]/C=AU/ST=Some-State issuer= /O=Halon Security/CN=mail.duocircle.com/[email protected]/C=AU/ST=Some-State | |
[000.500] | Cert NOT VALIDATED: self signed certificate | |
[000.500] | So email is encrypted but the domain is not verified | |
[000.500] | Cert Hostname DOES NOT VERIFY (mx1.mailhop.org != mail.duocircle.com) | |
[000.501] | So email is encrypted but the host is not verified | |
[000.501] | ~~> | EHLO checktls.com |
[000.573] | <~~ | 250-inbound3.ore.mailhop.org 250-PIPELINING 250-SIZE 52428800 250-VRFY 250-ENHANCEDSTATUSCODES 250 8BITMIME |
[000.574] | TLS successfully started on this server | |
[000.574] | ~~> | MAIL FROM:<[email protected]> |
[000.645] | <~~ | 250 2.1.0 Ok |
[000.646] | Sender is OK | |
[000.646] | ~~> | RCPT TO:<[email protected]> |
[000.747] | <~~ | 250 2.1.5 Ok |
[000.748] | Recipient OK, E-mail address proofed | |
[000.748] | ~~> | QUIT |
[000.820] | <~~ | 221 2.0.0 Bye |
We use self signed certificates because our mail servers respond and emulate thousands of different names and it is the most effective way for us to handle this configuration, it does not interfere with the actual security of the messages.
We support end to end TLS internet ------>>>> DuoCircle --------->>>> Your Mail Server
Enabling TLS on your account
Log in to your account, select the service and under the Manage Product settings click on the TLS Mode. Our suggestion is to set it to enabled, however by default for accounts created prior to January 2016 the settings is disabled. We suggest you update this to enhance your email privacy.
All other modules, including phishing protection will continue to work seamlessly.