Sites Using AWS SES
If your site is hosted with us it will use Amazon SES for sending mail. As part of configuring your environment to send emails through AWS SES we can configure a TLS policy which supports 2 options:
- Optional - Uses "opportunistic" TLS, if the receiving end supports encryption it will be used, however if the receiving end does support TLS encryption the email will still get sent in but in plain text.
- Required - Requires the receiving end to support TLS encryption, if it does not then the email will not be delivered and reported as a bounce.
- Note that there is a small risk associated with requiring all emails to be sent over encrypted TLS connections, if the receiving end does not support this it will result in undelivered emails.
- All major cloud email providers such as Office 365, Google Mail / GMail and Outlook support TLS connections for receiving emails.
- Self hosted services such as Microsoft Exchange are normally configured to accept TLS connections for receiving emails as a best practice but this may be worth checking with your IT team.
From the start of September 2023 any new client that joins GOSS will automatically have this configured as "Required".
All existing clients are configured with the "Optional" option to maintain the original behaviour. This can be changed on request and if you would like this to be changed, please contact our Support team through the usual means.
Your own Mail Server
We can also configure GOSS hosted applications to relay email directly to your own mail server, either directly or via a VPN. In this case you are responsible for ensuring we can connect to a port on the relay that supports TLS encryption, and you are responsible for ensuring that the email is relayed to the final receiving party using a TLS connection if required. We suggest speaking to your own network teams for further advice and support on this.