Email has become an integral part of how people and businesses communicate on a day-to-day basis. TitleCore National understands this and implements distinct levels of email security to ensure that all communications between TitleCore National and its clients are secure.

TitleCore National has adopted the use of forced Transport Layer Security protocol (TLS) to ensure email is encrypted during transmission.  The way TLS works is the sending server reaches out to the receiving server and asks for its TLS capabilities. If the receiving server accepts TLS, then a handshake is created and all information sent and received between the servers is encrypted.  Most email providers rely on Opportunistic TLS, where if an email cannot be sent with TLS it will send the email in plain text, meaning sending the email is more important than securing it.

TLS diagram

TitleCore National believes opportunistic TLS is not sufficient to protect us and our clients, because it is possible that emails can be sent unencrypted. To protect email communication, we use forced or mandatory TLS to ensure that email is encrypted during transmission. Enforced TLS functions about the same as opportunistic with one major difference, if the receiving server is improperly configured or does not support TLS then the email message is not sent, and the connection is refused.TLS connection refused diagram

What does TitleCore National do when an email is sent to an email server that is improperly configured or does not accept TLS? We use an added layer by falling back to a Mimecast Secure Messaging Portal. If enforced TLS fails, then the message is packaged and stored on a separate secured website. The client will receive a separate email saying that they have a message waiting for them in the secure portal. The recipient then creates their own password that is used to log into the portal and retrieve the message. The recipient can also use this portal to reply to the message to ensure that it is secured when replying.  TitleCore National makes securing your information a top priority.

Mimecast portal

If you are interested in learning more about TLS and email security, you can go to the following sites for a more detailed description and use.

Wikipedia – Transport Layer Security

National Institute of Standards and Technology – Trustworthy Email

Internet Engineering Task Force – RFC 5246, RFC 8446