TLS (Transport Layer Security)
The acronym TLS stands for Transport Layer Security. The previous name for TLS is SSL which stands for Secure Sockets Layer.
Transport Layer Security is a protocol for encrypting data transmissions on the Internet. TLS is the commonly used encryption for Web pages and email transfer.
TLS in Mapp Engage
When sending a message with Mapp Engage, the Mapp Engage MTA (Mail Transfer Agent) communicates with the MTA of the email provider. TLS is used to transfer your data securely to the email provider of your recipients. The messages are protected against unauthorized access.
When the Mapp Engage MTA sends a message to the MTA of the email provider recipient, TLS encrypts the content of the message. TLS also encrypts additional information, such as the email address of the recipient and the subject of the message.
TLS uses two different encryption methods. For one, a symmetric encryption is applied, which uses the same key for encryption and decryption. For the other, an asymmetric encryption is applied, which uses a private and a public key. This encryption also has a certificate with which the public key can be unambiguously assigned to the private key to confirm the identity of the MTAs.
The sequence of encryption is divided into two phases:
With an asymmetric encryption, communication between the Mapp Engage MTA and the MTA of the email provider is established.
The asymmetric encryption is performed only once for all future connections between the Mapp Engage MTA and the MTA of the email provider. However, the symmetric encryption is carried out for each single transmission of a message.
With a symmetric encryption, the data is transmitted.
Mapp TLS only affects the connection between the Mapp Engage MTA and the MTA of the email provider. The encryption by the MTA of the email provider to the recipient itself depends on the email provider.
Requirements for a Connection
For the asymmetric encryption, a key pair (public and private key) and a certificate are generated in a Trust Center (TC). The MTA of the email provider is given the public key and presented with the certificate. With this key, the server is now clearly identifiable. The Mapp Engage MTA obtains the private key.
Building the Connection
To send a message from Mapp Engage, a connection to the MTA of the email provider of the recipient must be established. The Mapp Engage MTA announces itself with a "Hello Client" at the MTA of the email provider. This MTA reports back with a "Hello Server" and sends their certificate. When the Mapp Engage MTA has verified the certificate with the public key, the connection is established.
For the symmetric encryption, the Mapp Engage MTA creates a session key. This key which is encrypted with the private key and sent to the MTA of the email provider. This MTA decrypts the session key again with the public key again.
Use of the Connection
The message from Mapp Engage is now encrypted with the session key and sent to the MTA of the email provider. This MTA can decrypt the message again with the session key. The message is delivered securely.
Email Provider Support
To achieve full encryption, the MTA of the email provider must support TLS. If this MTA does not support TLS, the message is sent unencrypted. Although not all email providers support the latest TLS, there are constantly more. The email providers that officially support TLS include, among others: