RE: Using TLS to Secure Email

  • From: "Mulnick, Al" <Al.Mulnick@xxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Mon, 28 Feb 2005 12:00:15 -0500

I saw this one after the other post.

If you're just going to do this for a few offices, TLS might work out just
fine.  If you're going to go over that, or if you're worried that somebody
might mis-type the address (destination vs. policy encryption) then this
won't do much good.  

Typical compliance-induced architecture wants the solution to be able to
work regardless of employee mistakes.  For operational ease of use, you
would often also want the solution to work without user intervention and
have it be used for many data types vs. everything.  

TLS is for everything between two servers.  What if the destination has
multiple mail servers?  Or if they change mail servers due to some upgrade
etc?  TLS is often more restrictive than everybody is willing to deal with and
requires some care and feeding as nodes change. TLS also doesn't understand
policy or content so you get an all or nothing solution with TLS.

I would try not to use TLS if I could help it, for external communications.
It's not granular enough nor able to deal with mis-typed emails and so
forth.  Instead I'd look for something that had policy and content based
intelligence and could apply encryption etc. to messages based on criteria I

My $0.04 anyway.


-----Original Message-----
From: Kevin Bachelder [mailto:kbachelder@xxxxxxxxxxxxxx] 
Sent: Monday, February 28, 2005 10:30 AM
To: [ExchangeList]
Subject: [exchangelist] Using TLS to Secure Email

Hi all,

I am the IT manager for a small company and a handful of our clients are
medical offices.  I have been looking into server-based solutions to secure
our email communications in light of the upcoming HIPAA security deadline.
Unfortunately, many of the good products (i.e. easy to use) cost several
thousand dollars.  I have done some research and it looks like using TLS
(Transport Layer Security) between our email server and our recipients'
server would do the trick and would not be that expensive to implement.

Has anyone else used this approach or care to comment on this idea?

Thanks in advance for your time and feedback,

Kevin Bachelder 
