Overview
This article will describe how to configure an enforced TLS connection to a specific domain or group of domains using Mailprotector's SafeSend service.
SafeSend enables you to enforce policies and compliance rules for outbound emails, protecting an organization from data leakage and reputation-damaging spam, viruses, and malware from within.
- Enforce TLS encryption
- Works on a single recipient address or an entire domain
- Gives you peace of mind about the safety of your email data
With the SafeSend service enabled (see info here), we can create Message Rules for outbound email.
Configuring message rules to enforce a TLS connection to a domain
Once you have enabled the SafeSend product, you can create Message Rules to enforce TLS encryption. This is most commonly used with financial institutions to meet compliance standards.
To configure an enforced TLS connection, you will:
- Navigate to the Mailprotector Console at emailservice.io
- Go to the domain you wish to create a TLS-encrypted connection rule for
- Navigate to the "Filtering" tab for that domain
- Navigate to the "Message Rules" section under the "Filtering" tab
- Select the drop-down that says "incoming" and change it to "outgoing"
- Input a name and click the "Create" button to begin making the rule
- Under the "Criteria" section, input the domain you wish to send to via TLS connection in the "To" field in the "Matches any of:" section. NOTE: You can just input the domain. You don't need to toggle the button on the right before typing under "Matches any of:"
- At the top of the page, select the "Actions" section
- Under the Actions section, toggle on the option to "Relay with TLS Encryption"
- Click the back arrow in the top left-hand corner to finish creating the rule
- The rule will appear as disabled in the "Outgoing" section of the rules. You must toggle it on for it to be an active rule. NOTE: You can leave it on if it's already toggled on. This will be distinguished by the toggle button being green instead of grey.
The message will bounce if the recipient's mail server doesn't support TLS encryption. The users from the sending domain will receive a bounceback notifying them of the receiving server not being able to establish a TLS connection
Getting Help
If you need assistance, please contact the Partner Success team.
Related to
Updated