cancel
Showing results for 
Search instead for 
Did you mean: 
Chase Beydler1
New Member

TLS encryption for emails

Anyone else realize that the emails that come out of Service Desk are not being sent with any type of TLS encryption support? We just realized that all data in emails are not encrypted when they come out of the GTA mail server.

This is a dead simple thing to fix and we cannot believe that such a corporate service would not have any type of mail encryption.

Anyone have any thoughts on this?
35 REPLIES 35
Luke Grimstrup
Retired GoTo Contributor

Re: TLS encryption for emails

Hi Chase,

We're currently looking into this, you're right we should be sending emails using TLS.

I'll keep this thread updated as we make progress 🙂

Luke
Chase Beydler1
New Member

Re: TLS encryption for emails

Luke,
Any update about this? Really should be an easy mail server switch change.

Thanks
Luke Grimstrup
Retired GoTo Contributor

Re: TLS encryption for emails

Hi Chase,

Our Ops guys are currently assessing the impact this may have on other products. Once they've made this change, I'll update this thread.

Thanks,
Luke
Bcshay
Active Contributor

Re: TLS encryption for emails

I cannot believe I am now just looking for this topic. Today I was just thinking "wait these emails coming from the service desk are sent in plain text, and the emails sent back to it from Customers are as well". User Object passwords etc are sometimes in the Incident. This is a major security risk.

Have you guys addressed this? Why not allow us to use our own Exchange mailbox for this using IMAPS/TLS and SMTP/TLS beween your mail servers. I'm not the expert but other service desk services have this functionality.

Can you please provide Chase and I an update on this.

The workaround I have is Users must check the "hide from customer" option when including any passwords in an incident.
Chase Beydler
New Member

Re: TLS encryption for emails

This was a response I received about this back on April 2nd:
"I hope you are doing well. Our Engineering team advised me that the feature you requested has been approved, is currently on the product roadmap, and will be included in the upcoming releases within the month. Thanks for your continued patience."

I then received this response at the end of August:
"Next week, our Q4 starts. I will contact Operations/Service Desk Engineering to see where we are on this as they had proposed it would be likely available during this time period."

We'll see if this ever happens. It is a major security flaw and I'm actually surprised their auditors let this continue.
Bcshay
Active Contributor

Re: TLS encryption for emails

Cheers Chase! Security flaw yes but also a security risk to all customers using the service.
Chase Beydler
New Member

Re: TLS encryption for emails

Indeed. We lucked out and our audit that just occurred didn't ask anything about this, but I have a feeling that I may need to look at another solution come next year if this isn't addressed with more than "It is on the roadmap".
Bcshay
Active Contributor

Re: TLS encryption for emails

I've got to address this with our CIO today so that he is aware and I am not responsible if a breach occurs. Still my fault though for neglecting this before signing up for the service.

I can't believe your IT audit didn't catch that...
Chase Beydler
New Member

Re: TLS encryption for emails

How did that conversation go, Brenden? About to send another email asking for a status.