Forum Discussion

Chase Beydler1's avatar
Chase Beydler1
New Member
11 years ago

TLS encryption for emails

Anyone else realize that the emails that come out of Service Desk are not being sent with any type of TLS encryption support? We just realized that all data in emails are not encrypted when they come out of the GTA mail server.

This is a dead simple thing to fix and we cannot believe that such a corporate service would not have any type of mail encryption.

Anyone have any thoughts on this?
  • Bcshay's avatar
    Bcshay
    Active Contributor
    Any update on this Luke? All you need to do is turn on opportunistic TLS for inbound mail.

    This is still a huge security concern as un encrypted mail often contains sensitive information such as usernames and passwords.
  • Please keep us a bit better updated on this. We were told that it was going to be completed in a matter of months when I first pointed it out to support, and it was only half implemented over a year later.
  • Bcshay's avatar
    Bcshay
    Active Contributor
    As we can see with all the data breaches occurring weekly security is a very serious topic. Sending sensitive information via SMTP in clear text is a huge vulnerability. A secure IT Service Desk is of high importance. Customers should not need to worry about insecure communications. Further security mechanisms to harden or lock down electronic communications would be nice too.

    BTW: desk.gotoassist.com scored a C via an SSL report and is vulnerable to POODLE attacks. Citrix should be using TLS and not SSLv3 to secure communications to desk.

    https://www.ssllabs.com/ssltest/analyze.html?d=desk.gotoassist.com