Transport Layer Security (TLS) is a protocol that helps to secure data and ensure communication privacy between endpoints. Trend Micro Email Security allows you to configure TLS encryption policies between Trend Micro Email Security and specified TLS peers. Trend Micro Email Security supports the following TLS protocols in descending order of priority: TLS 1.3, TLS 1.2, TLS 1.1 and TLS 1.0.
To protect against man-in-the-middle attacks on TLS connections, Trend Micro Email Security introduces DNS-based Authentication of Named Entities (DANE) and Mail Transfer Agent - Strict Transport Security (MTA-STS) to verify the identity of the destination servers.
You can enable DANE or MTA-STS authentication between Trend Micro Email Security and specified TLS peers during outbound mail delivery.
For inbound mail, Trend Micro Email Security inherently supports MTA-STS after you have set up a DNS record and a policy for your domain. For details, see MTA-STS for Inbound Protection.
The Transport Layer Security (TLS) Peers screen uses the following important terms:
| Term | Details |
|---|---|
| Managed Domain list | |
| Status (Managed Domain) | |
| Default (for unspecified domains) | This configuration applies to all domains that are not in the managed domain list. |
| Domain TLS Peers list | |
| Status (TLS Peer) | |
| TLS peer | Trend Micro Email Security can apply your specified TLS configuration with this peer during network communications. |
| Security level | Note: When a TLS peer supports both DANE and MTA-STS, Trend Micro recommends that you select DANE for communicating with the peer. DANE is considered more secure than MTA-STS for protecting SMTP connections. |
| Default (for unspecified peers) | This configuration applies to all peers that meet any of the following criteria: |