Posts Tagged ‘TLS’

How Does TLS Impact Marketing?

We all know that paying attention to email security can protect sensitive information from prying eyes. But if you do email marketing, did you know that it can also improve your open and response rates as well?

Transport Layer Security, or TLS for short, is a relatively new security standard for email. It is the successor to the previous Secure Sockets Layer (SSL) standard familiar to many. In a previous blog article, we examined the security implications of TLS for email privacy. Here, we will take a deeper look at how it can affect your marketing as well.

TLS, email security and open rates

TLS is optional for people to use, and years ago, according to this article, at first people only used it when there were privacy concerns about the contents: for example, when the client wants to receive only encrypted emails. But it goes on to point out that today, there is an even bigger reason for marketers to use TLS encryption: open rates.

As an example, Google’s Gmail flags the security settings of your email for all to see. When you are the sender, choosing recipients who are not using TLS security will cause a red, unlocked “padlock” icon to be displayed in the upper right-hand corner of your compose screen. More importantly, when you aren’t using TLS, your email is shown with a similarly broken padlock, and your sender ID is displayed with a big, red question mark next to it.

 

So why does this matter – especially if you aren’t sending things like people’s account numbers or the top-secret plans for the next Space Shuttle? Appearances, pure and simple. Would you open an email from someone being flagged as “suspicious”? This source notes that even though TLS requires bandwidth and isn’t a perfect, foolproof solution for security, marketers are often concerned nowadays about how their emails appear to the recipient, and a broken red padlock isn’t exactly reassuring.

In a blog post announcing these changes, Google itself is far from comforting for recipients, noting that “Not all affected email will necessarily be dangerous. But we encourage you to be extra careful about replying to, or clicking on links in messages that you’re not sure about.” Ultimately, you want your outbound email marketing messages to pass Google’s security checks so that the percentage getting opened is as high as possible.

What you should do, and how we can help

As a marketer, this means that you should determine if the email address you are sending to supports TLS, and how you can use this additional security measure in marketing efforts to your advantage. Specifically, you want to make sure that you are sending TLS encrypted messages to recipients using TLS servers, so you get the security stamp of approval.  At the very least, you want to track and understand the impact on open rates for emails that are flagged as not secure.

So how do you determine whether an email address on your list uses TLS or not? Our DOTS Email Validation tool can come to your rescue here – it returns a Notes code letting you know whether the recipient’s email server supports TLS connections for encrypted email communication. Plus you get all the other benefits of email validation, including verifying and correcting addresses, as well as flagging spam traps, honeypots, known spammers and bogus addresses. Want to learn more? We’re always happy to help.

TLS and Email Security: An Overview

Many people don’t realize that when you send an email, its contents are often unencrypted – and in turn, vulnerable to being seen and intercepted by others. This may be fine if you are sending recipes or plans for the weekend to your friends, but many businesses want a more secure solution for communicating with their clients, prospects and other stakeholders. Moreover, a number of well-publicized email hacking incidents over the past few years have put email security in the spotlight.

Thankfully there are numerous solutions that can be put to use to protect your emails. This article looks at how one common solution, the TLS protocol, can be used as part of your email privacy and security efforts.

What is TLS?

Transport Layer Security, or TLS for short, is a network security protocol implemented across most major web browsers and many email servers. It is the successor to Secure Sockets Layer (SSL), a now-deprecated approach used from the earliest days of the Internet to secure web traffic.

What is the advantage of TLS? It is an easy, seamless way to send secure emails WITHOUT making the recipient do anything. Many email security solutions are “walled gardens” requiring action on the part of the recipient to get at your email. But when you enable TLS encryption for your outgoing emails – and the recipients are set up to receive TLS-encrypted emails, which is the case for approximately 80% of emails sent today – emails are automatically encrypted until they are opened and read by the recipient.

Originally developed by Netscape engineers, TLS has evolved considerably since its first specification in the late 1990s, with its latest 1.3 version now in the process of rolling out. It is maintained as a public standard through the Internet Engineering Task Force standards body via its RFC (Request for Comments) process. Most browsers and mail servers currently support at least its current 1.2 level of functionality, considered a minimum requirement for effective data security nowadays.

Putting TLS to work

TLS encryption is normally a function of your outbound email platform: for example, this article describes how TLS encryption is used with Microsoft’s Exchange Server platform for business.

Since TLS encryption requires the cooperation of both the sending and receiving mail servers, there are basically two ways to implement it with your outgoing emails: so-called “opportunistic” versus “forced” or “mandated” TLS.

In the case of opportunistic TLS, the recipient’s server is checked for TLS capabilities, and if there is a match, the message is sent encrypted – otherwise, it is sent unencrypted. Be aware that in the case of opportunistic TLS, there is no guarantee that the message will be encrypted.

With forced TLS, the message is not delivered unless TLS is supported.

The National Institute of Standards and Technology (NIST), a government standards body, publishes guidelines for the use of Transport Layer Security in encrypting data “in motion” between systems. Note that there may also be compliance implications for the security of data “at rest,” e.g. once it is resident on the recipient’s system.

How we can help

TLS only encrypts emails when BOTH the sender and the recipient are using TLS. Thankfully, there is a tool for checking this: our DOTS Email Validation product returns a Note Code value of 16 in cases where the recipient supports email encryption vial TLS. This allows you to choose whether or not to send encrypted emails to this recipient.

Note that TLS verification alone may not suffice for high-security or compliance applications: for example, a positive TLS reading from Email Validation may mean that the receiver’s email front end (such as their spam filter) uses TLS, but does not guarantee that emails remain encrypted all the way to reaching the recipient – nor that it remains encrypted when the data is “at rest.”

So for some mission-critical applications – such as HIPAA compliance or sensitive financial data – you may need to consider more bulletproof solutions such as a secure email portal, a dedicated encryption service, or verification of end-to-end encryption for specific recipients (such as communications between two banks).

That said, many organizations do not need to go to the expense of a dedicated encryption solution, or cannot afford to put roadblocks such as a dedicated portal between their emails and their customers – particularly for applications such as sales and marketing. If this is the case for your business, TLS encryption can represent an easy, real-time way to keep your outgoing email as secure as your recipients will allow. And with our Email Validation product, TLS verification comes bundled as part of a unified strategy to help ensure the quality of your email contact data.