To create a sender profile with defined transmission security levels.

Background Information​

Sender profiles define transport security levels for email sendouts. Every sender profile is connected to a specific IP pool in the Mapp Engage MTA (Mail Transfer Agent) infrastructure. A strict level of security can result in low deliverability rates. Industries, for example medical or financial industries, must use stronger email security measures for legal reasons.

Create and use a relevant sender profile to match your sendout requirements!


A healthcare company in the US (California) can send their regular newsletters in Mapp Engage with ​Opportunistic TLS​ (Transport Layer Security). Opportunistic TLS first tries to send the message encrypted with the set TLS level. However, recipients who reject encrypted transport then receive non-encrypted transport and sendouts.

However, the same company is subject to stricter requirements to send personal medical data or diagnoses via email. HIPAA (Health Insurance Portability and Accountability Act) regulations require that the company sends these emails via HIPAA-Compliant ​Forced TLS​. Forced TLS only sends emails via encrypted transport. Recipients who reject encrypted transport do not receive the mails and the relevant bounce reason is recorded.


  1. In the ​Main Navigation​, click Administration​ > ​System Settings​ > Settings.
  2. Click the ​Sender Profiles​ tab.
    ⇒ The ​Sender Profiles​ tab with an overview of your sender profiles.
  3. Click ​Create​.
    ⇒ The page to edit sender profiles opens.
  4. In the ​Name​ field, enter a name for your sender profile. This field is required and this name must be unique.
  5. In the ​Description​ field, you can enter keywords or information about your sender profile. This field is optional. You can enter information on the scenarios to use the sender profile or a description of the profile.
  6. Select the ​TLS Mode​ from the drop-down list. ​
    1. Forced​ requires that the sendout use TLS. Emails bounce for recipients who reject TLS. Use this setting for emails that require high security and encryption. ​
    2. Opportunistic​ first sends the mail with TLS. Emails to recipients who reject TLS are then sent unencrypted. This setting is recommended for general emails or newsletters.

      If no Sender Profile is selected during email sendout configuration, it will fall back to a "null" transport value: this value can be configured in your Engage system to the TLS version you need.

      During email sendout configuration, this "null" profile appears in the Choose Sendout Profile drop-down-list as a minus sign: "-".

      If this transport is not set up and you do not select a Sender Profile, the message will be sent via unencrypted transport.

      To set up "null" transport, please contact your Customer Success Manager.

  7. Check the ​TLS Protocols​ that you want to use for your email message. The highest TLS protocol that the recipient accepts is applied to the email. 

    Select consecutive TLS protocols. Gaps in the TLS levels cause an error.
  8. Select if a certificate is required for the email. ​
    1. None​ means that no certificate is required for the recipient to receive the email. ​
    2. Default​ activates the Mapp Engage default certificates.​
    3. Custom​ certificates require that you upload your certificate to Mapp Engage. 
      For additional information on email certificates, contact your Account Manager.
  9. Enter any ciphers that are required for the email.
  10. Click ​Save​.
    ⇒ The ​Sender Profiles​ tab opens with the new sender profile in the overview of sender profiles.

Further Information