Thursday, January 29, 2009

Mail Companies Not Receiving in TLS

Postini is now requiring mail companies to receive in TLS in order enforce TLS encryption. The interesting thing was they were advertising they supported TLS encryption and I had added some domains and tested it out and they went through, so I assumed those communications were secure.

Turns out what was really happening is that the messages were sent from the original mail company in TLS but then my mail provider only accepts via SMTP or SSL (which according to Postini is not really for mail but for web servers and I have heard that TLS is a newer, better version of SSL).

So anyway my mail was TLS from the sender to Postini and after that unencrypted - the whole time I thought it was secure.

Time for a new mail provider.

One of these days...someday...I will have secure email. There must be a way.