Anyone else realize that the emails that come out of Service Desk are not being sent with any type of TLS encryption support? We just realized that all data in emails are not encrypted when they come out of the GTA mail server. This is a dead simple thing to fix and we cannot believe that such a corporate service would not have any type of mail encryption. Anyone have any thoughts on this?

Hi Chase, We're currently looking into this, you're right we should be sending emails using TLS. I'll keep this thread updated as we make progress :) Luke

Luke, Any update about this? Really should be an easy mail server switch change. Thanks

Hi Chase, Our Ops guys are currently assessing the impact this may have on other products. Once they've made this change, I'll update this thread. Thanks, Luke

I cannot believe I am now just looking for this topic. Today I was just thinking "wait these emails coming from the service desk are sent in plain text, and the emails sent back to it from Customers are as well". User Object passwords etc are sometimes in the Incident. This is a major security risk. Have you guys addressed this? Why not allow us to use our own Exchange mailbox for this using IMAPS/TLS and SMTP/TLS beween your mail servers. I'm not the expert but other service desk services have this functionality. Can you please provide Chase and I an update on this. The workaround I have is Users must check the "hide from customer" option when including any passwords in an incident.

This was a response I received about this back on April 2nd: "I hope you are doing well. Our Engineering team advised me that the feature you requested has been approved, is currently on the product roadmap, and will be included in the upcoming releases within the month. Thanks for your continued patience." I then received this response at the end of August: "Next week, our Q4 starts. I will contact Operations/Service Desk Engineering to see where we are on this as they had proposed it would be likely available during this time period." We'll see if this ever happens. It is a major security flaw and I'm actually surprised their auditors let this continue.

TLS encryption for emails | GoTo Community

35 Replies

Replies have been turned off for this discussion

Luke Grimstrup
Retired GoTo Contributor
12 years ago
Hi guys,

Per comments above, I have been pushing to get this change completed. With that, I have good news, I just received word that we have TLS enabled for the past 24 hours.

You may have noticed we have had issues with sending email over the past couple of days, but we were able to confirm that was unrelated to the TLS change.

Please let myself or our support team know if you experience any issues.
Chase Beydler
New Member
12 years ago
Who knows.
Bcshay
Active Contributor
12 years ago
Great thanks! is that the "Product" Manager Luke? And thanks for keeping me in the know.
Chase Beydler
New Member
12 years ago
"Thank you for checking back. The Project Manager of Service Desk is pushing to get this setup with hopes it can come to fruition before the end of the year. I will keep you posted on updates as I receive them."
Bcshay
Active Contributor
12 years ago
Did you ever find anything out Chase? I know they're busy dealing with the latest GTA release problem.
Bcshay
Active Contributor
12 years ago
I sent an email to our team and CIO to address this and he was concerned. Also comments checked as Hidden do get sent via the resolved and closed notifications to Users so that workaround is not going to work. We just have to be careful not to include any confidential info in the interim.

Can you please let me know their response to your second inquiry? Thanks.

They're going to have to not only implement TLS for SMTP but also IMAPS or something so that messages sent to the service desk are also encrypted. For us we can use an exchange mailbox. For others that support external clients it's still going to be an issue with messages sent to the service desk. They may have to disallow replies to notifications entirely.
Chase Beydler
New Member
12 years ago
How did that conversation go, Brenden? About to send another email asking for a status.
Bcshay
Active Contributor
12 years ago
I've got to address this with our CIO today so that he is aware and I am not responsible if a breach occurs. Still my fault though for neglecting this before signing up for the service.

I can't believe your IT audit didn't catch that...
Chase Beydler
New Member
12 years ago
Indeed. We lucked out and our audit that just occurred didn't ask anything about this, but I have a feeling that I may need to look at another solution come next year if this isn't addressed with more than "It is on the roadmap".
Bcshay
Active Contributor
12 years ago
Cheers Chase! Security flaw yes but also a security risk to all customers using the service.

Welcome! The GoTo Community is currently in Read Only mode while we work on an exciting platform update.

If you need assistance, please contact our toll-free 24/7 Support

Forum Discussion

TLS encryption for emails

35 Replies

Recent Discussions

Access original customer email messages

ASSIST SERVICE DESK API

Removing/cleaning up tags in service desk

DELETE MY ACCOUNT

Email Notifications - Bounced Address