Anyone else realize that the emails that come out of Service Desk are not being sent with any type of TLS encryption support? We just realized that all data in emails are not encrypted when they come out of the GTA mail server. This is a dead simple thing to fix and we cannot believe that such a corporate service would not have any type of mail encryption. Anyone have any thoughts on this?

Hi Chase, We're currently looking into this, you're right we should be sending emails using TLS. I'll keep this thread updated as we make progress :) Luke

Luke, Any update about this? Really should be an easy mail server switch change. Thanks

Hi Chase, Our Ops guys are currently assessing the impact this may have on other products. Once they've made this change, I'll update this thread. Thanks, Luke

I cannot believe I am now just looking for this topic. Today I was just thinking "wait these emails coming from the service desk are sent in plain text, and the emails sent back to it from Customers are as well". User Object passwords etc are sometimes in the Incident. This is a major security risk. Have you guys addressed this? Why not allow us to use our own Exchange mailbox for this using IMAPS/TLS and SMTP/TLS beween your mail servers. I'm not the expert but other service desk services have this functionality. Can you please provide Chase and I an update on this. The workaround I have is Users must check the "hide from customer" option when including any passwords in an incident.

This was a response I received about this back on April 2nd: "I hope you are doing well. Our Engineering team advised me that the feature you requested has been approved, is currently on the product roadmap, and will be included in the upcoming releases within the month. Thanks for your continued patience." I then received this response at the end of August: "Next week, our Q4 starts. I will contact Operations/Service Desk Engineering to see where we are on this as they had proposed it would be likely available during this time period." We'll see if this ever happens. It is a major security flaw and I'm actually surprised their auditors let this continue.

TLS encryption for emails | GoTo Community

35 Replies

Bcshay
Active Contributor
12 years ago
One option is to disallow email to incident creation and disallow Customers from responding to notifications. They can go directly to the Customer Portal and respond to notifications...
Chase Beydler
New Member
12 years ago
That is what I was thinking. My employees like to imagine the portal just doesn't exist once they put the ticket in and only reply via email. What this means is enabling TLS coming out of Citrix really doesn't mean anything since followup emails are ones (after original ticket opening) that will usually contain sensitive information when we ask them for it. Good to know.
Bcshay
Active Contributor
12 years ago
That is correct, Chase. In order for SMTP transport layer security to occur for emails sent to the service desk they must be configured to do so.

So in respect we have 50/50 secure SMTP communication with the service. I asked somewhere above about support for Exchange which would allow two-way secure SMTP.
Chase Beydler
New Member
12 years ago
Brenden,

Email responses sent from a customer to the help desk aren't being encrypted? Just those coming from the help desk to customers/users?
Bcshay
Active Contributor
12 years ago
That's great. Any plans to allow responses to notifications sent to the service desk to also be encrypted.
Luke Grimstrup
Retired GoTo Contributor
12 years ago
The duplicate email issue has been fixed!
Luke Grimstrup
Retired GoTo Contributor
12 years ago
Hey guys,

Yes - the duplicate emails are unrelated to this particular change, and we are working on a fix for this. We're aiming to release a fix at the end of the day (Pacific Time). I'll post here when it's been done.
Chase Beydler
New Member
12 years ago
I have noticed the double messages, too.
Bcshay
Active Contributor
12 years ago
Luke - we started receiving duplicate notifications from the service desk since Friday. Just curious if there is any correlation? My incident number is 07790886. Thanks.
Bcshay
Active Contributor
12 years ago
Great news and verified (see header).

Received: from smrelay1.las.expertcity.com (smrelay1.las.expertcity.com
[216.219.119.5]) (Using TLS) by us-mta-10.us.mimecast.lan; Mon, 29 Sep 2014
19:33:05 -0400

Luke - are there any plans to implement IMAPS so that we can send email to the service desk encrypted for a synchronous secure communication.

Forum Discussion

TLS encryption for emails

35 Replies

Recent Discussions

Access original customer email messages

ASSIST SERVICE DESK API

Removing/cleaning up tags in service desk

DELETE MY ACCOUNT

Email Notifications - Bounced Address