Forum Discussion
Tim Hunter
Jan 23, 2019 | Iron Contributor
Mail without TLS
I am getting some messages in my Office 365 about Mail without TLS. Are there any concerns here? Do I need to make any changes?
Jan 23, 2019
It really just means that you guys are sending a handful of e-mails to a domain that doesn't have TLS turned on. Those e-mails are not encrypted in transport at all and are vulnerable to traffic sniffing etc. But I wouldn't say there is a problem per se. Just may investigate for a large chunk of that e-mail to a domain and find out why they don't allow TLS, or it might be traffic that isn't sensitive.
Most e-mail servers have opportunistic TLS on, so it will try TLS first, then do no TLS as a backup, so there could be an issue with the TLS connection, but my gut says that one of your domains you are using just has it off for some reason.
Tim Hunter
Jan 23, 2019 | Iron Contributor
Is TLS something I can turn on in Office 365 or does that have to be done with my Domain Registrar?
- Jan 23, 2019: You already have it on. Hence the sent and received TLS 1.2 messages. It’s an endpoint you deal with that they have it off on their side. You’ll have to investigate to see if it’s mostly the same one and get them to turn it on or just ignore it / increase that alert threshold.
- Tim Hunter | Jan 23, 2019 | Iron Contributor
Here is the Connector I am using that is getting the TLS warnings.
- VasilMichev | Jan 24, 2019 | MVP
Switch to using the other option, "By verifying that the subject name on the certificate that the sending server uses to authenticate with Office 365 matches this domain name". Details for example here: https://docs.microsoft.com/en-us/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/set-up-connectors-to-route-mail#part-2-configure-mail-to-flow-from-your-email-server-to-office-365
You can also toggle the RequireTls parameter.
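
The connector change suggested in the last reply, as an added example that is not part of the original thread: it audits inbound connectors for ones that do not require TLS or are not tied to a sender certificate, then switches one to certificate-based identification with `RequireTls` on. It assumes the connector in question is an inbound connector (as in the linked article) and uses the Exchange Online PowerShell module; the connector name and certificate subject are placeholders.

```powershell
# Added example. Requires the ExchangeOnlineManagement module and an
# Exchange Online administrator account.
Connect-ExchangeOnline

# 1. Audit: show how each inbound connector identifies the sending server
#    and whether it insists on TLS.
Get-InboundConnector |
    Select-Object Name, Enabled, ConnectorType, RequireTls,
                  TlsSenderCertificateName, SenderIPAddresses |
    Format-Table -AutoSize

# 2. Flag enabled connectors that accept mail without TLS, or that are
#    matched by IP address only (no certificate subject configured).
Get-InboundConnector |
    Where-Object {
        $_.Enabled -and
        (-not $_.RequireTls -or -not $_.TlsSenderCertificateName)
    } |
    ForEach-Object {
        Write-Warning ("Connector '{0}': RequireTls={1}, TlsSenderCertificateName='{2}'" -f
            $_.Name, $_.RequireTls, $_.TlsSenderCertificateName)
    }

# 3. Placeholders (assumptions, not values from the thread): replace with
#    your connector's name and the subject name on the certificate your
#    sending server presents to Office 365.
$connectorName = 'From on-premises mail server'
$certSubject   = 'mail.contoso.com'

# 4. Before: connector identified by IP address, TLS optional.
#    After:  connector identified by certificate subject, TLS required.
#    -WhatIf previews the change; remove it to apply.
Set-InboundConnector -Identity $connectorName `
    -RequireTls $true `
    -TlsSenderCertificateName $certSubject `
    -WhatIf

# 5. Confirm the resulting settings.
Get-InboundConnector -Identity $connectorName |
    Format-List Name, RequireTls, TlsSenderCertificateName, SenderIPAddresses
```

With `RequireTls` set to `$true`, the connector rejects mail from a sending server that does not negotiate TLS, so confirm that the server presents a certificate with the expected subject before removing `-WhatIf`.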