What is TLS?
Equus Platform uses a technology called TLS (Transport Layer Security) to encrypt email messages whilst in transit to and from the Equus Platform. TLS is a cryptographic protocol designed to provide communications security over a computer network.
How are outbound and inbound emails secured?
Outbound emails are sent from the Equus Platform without TLS encryption by default. Equus Platform can be configured to force TLS encryption to be attempted for outbound emails and to fail if TLS encryption cannot be negotiated with the intended recipient. This setting can apply to ALL recipients or recipients within certain domains. "Opportunistic TLS" is not available for outbound emails as part of Equus' standard configuration.
Inbound emails use "opportunistic TLS" by default. "Opportunistic" means that if an email sent to the monitored mailbox comes from an email server that is also configured to use TLS, then the email will be secured. However, if the sender’s email server does not support TLS encryption, then the email will be received via an unencrypted transmission. For Equus' standard hosted client offering this cannot be changed. However, the email import service can be limited to only accept email from a trusted white-list of domains. It should be noted that the Email Import Service will always use TLS encryption when retrieving messages from a monitored mailbox within the *.assignmentpro.com domain.
What are the configuration requirements?
An Equus representative (Implementation Manager / Client Solutions Manager) will engage with the client to understand the following key points which will then be used by the Equus technician for configuration.
Outbound Email
1. Does the client require TLS on all emails sent from the Equus Platform or only emails sent to certain domains?
Please note that when emails are sent with "ON" for ALL email recipients, the email will fail to send if the recipient domain does not have TLS encryption set up.
When emails are sent with "ON" for certain listed domains, the list of domains to which the client sends assignment related emails should be specified. This should include all vendor domains and the client's own email domain.
2. Can the standard configuration email address of noreply@clientname.assignmentpro.com be used as the default FROM address? It is possible to change this to a different address if that is desired.
Inbound Emails
1. Does the client want to limit the email domains from which they want to receive emails into the Equus Platform?
Please note that when enabled, only emails sent from mailboxes within these trusted email domains will be imported, and any emails sent from non-trusted domains will be deleted. The name of the monitored mailbox should be specified (e.g. globalmobility@clientname.assignmentpro.com), along with the trusted domains from which emails should be allowed to be imported. This list should include the various domains used by the company as well as those of any vendors or external partners who may be required (e.g. @clientname.com, @deloitte.co.uk).
2. Can the client's email partners enforce TLS encryption on emails from their email servers?
If TLS is desired then it is important that the potential senders’ email servers are appropriately configured.
What should be considered for ecosystem integration involving emails to vendors?
Though email encryption may have been set up during the initial implementation for a client, it is important to confirm that it is "ON" for any ecosystem integration that involves the use of emails to vendors. If a vendor is using API-only communications, TLS is also in place as a part of normal data encryption for traffic over the internet, but no setup for any individual client or vendor is necessary.
What are the next steps?
TLS encryption for email configuration is performed by an Equus technician and occurs on the Equus Platform web server. Testing TLS involves sending and receiving an email to/from each applicable email domain.
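A pre-flight check for the forced outbound TLS setting described above, as an added example that is not Equus code: it classifies recipient domains by whether their mail server's EHLO reply advertises STARTTLS, so domains that would fail to receive email can be found before the setting is switched "ON". The domain names and EHLO replies are constructed samples, the function names are hypothetical, and `fetch_ehlo` assumes the caller supplies the domain's MX host.

```python
import smtplib

def advertises_starttls(ehlo_reply: str) -> bool:
    """True if an SMTP EHLO reply (multiline 250 response) lists STARTTLS."""
    lines = [l for l in ehlo_reply.splitlines()
             if l[:3] == "250" and l[3:4] in ("-", " ")]
    # The first 250 line is the server greeting; the rest are extension keywords.
    return any((l[4:].split() or [""])[0].upper() == "STARTTLS" for l in lines[1:])

def forced_tls_preflight(ehlo_by_domain, forced_domains=None):
    """Classify each recipient domain under the outbound forced-TLS setting.

    forced_domains=None models "ON" for ALL recipients; a set of lowercase
    domain names models "ON" for certain listed domains.
    """
    report = {}
    for domain, reply in ehlo_by_domain.items():
        forced = forced_domains is None or domain.lower() in forced_domains
        if not forced:
            report[domain] = "sent without TLS (domain not listed)"
        elif advertises_starttls(reply):
            report[domain] = "TLS can be attempted"
        else:
            report[domain] = "WILL FAIL: no STARTTLS advertised"
    return report

def fetch_ehlo(mx_host: str, timeout: float = 10.0) -> str:
    """Live probe: return the EHLO reply of mx_host (the caller supplies the MX name)."""
    with smtplib.SMTP(mx_host, 25, timeout=timeout) as smtp:
        code, msg = smtp.ehlo()
        # smtplib strips the "250-" prefixes; restore them so the parser above applies.
        text = msg.decode("ascii", "replace")
        return "\n".join(f"{code}-{line}" for line in text.splitlines())

# Constructed sample replies (not captured from real servers).
SAMPLE = {
    "vendor-a.example": "250-mx.vendor-a.example\n250-SIZE 35882577\n250-STARTTLS\n250 8BITMIME",
    "vendor-b.example": "250-mx.vendor-b.example\n250-SIZE 10240000\n250 8BITMIME",
}

if __name__ == "__main__":
    for name, outcome in forced_tls_preflight(SAMPLE).items():
        print(f"{name}: {outcome}")
```

Advertising STARTTLS is necessary but not sufficient: negotiation can still fail on a certificate or protocol-version mismatch, so the send/receive test for each domain is still needed.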