What is TLS?

Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message.

All mail sent to and from Intermedia servers will attempt to make a TLS connection, using Opportunistic TLS. When sending using Opportunistic TLS, if a TLS connection cannot be established, it will fall back to a basic connection and send the message in plain text using SMTP.

When a message is sent using a Forced TLS connection, if the TLS handshake cannot be established or if the target server is not configured to accept only Forced TLS connections, the message will not be delivered.

To work, TLS should be enabled on both - recipient's and sender's side.

By default, Opportunistic TLS is enabled on our servers.

To enable Forced TLS it is necessary to confirm that TLS is enabled on recipients' side.

What is required to enable Forced TLS?

We require a formal request from the owner of the recipients' domain in a PDF file.

Important: Support team will not be able to complete your request without signed formal PDF letter from the recipient side. Ask the company you need to have Forced TLS connection with to send you a formal signed request stating that they require Forced TLS with your domain and then contact Support with this letter on your hands.

The document should contain a list of domains and also indicate that this is the only way to send to them and confirm the TLS connection.

The written letter has to be from the domain that is requiring the connection to be established via TLS. The letter should be scanned to a PDF format so that it cannot be changed. Recipients must provide the signed document.

Example: your domain Mycompany.com needs to have Forced TLS with Examplecompany.com. In this case, we need request and confirmation from Examplecompany.com.

The letter from Examplecompany.com should look like this:

Once you have received a signed PDF document, contact Support.

If Policy-Based Encryption is enabled on the account, refer to the article Setting Up Enforced TLS Via Policy-Based Encryption for additional information.