![]() Disabling CA certificate validation, or even disabling TLS entirely, is not recommended. For example, if mail is forwarded to third-party or on-premise mail servers using internal CA certificates, admins may need to disable CA certificate validation. See more details about how we’re changing the requirements for trusted CAs below.Īdmins will still have the ability to customize their TLS security settings on newly created mail routes. This ensures that recipient hosts have a certificate issued for the correct host that has been signed by a trusted Certificate Authority (CA). ![]() With TLS enabled by default for new mail routes, all certificate validation requirements are also enabled by default. TLS enabled by default on new mail routes This change will not impact mail routes that were previously created. Enabling TLS by default on new SMTP mail routes enhances the security posture of our customers while enabling admins to test connections before enforcing TLS on existing routes makes it easier for them to deploy best practice security policies. We also recommend that admins turn on MTA Strict Transport Security (MTA-STS), which improves Gmail security by requiring authentication checks and encryption for email sent to their domains. Why it’s importantWe always recommend that admins enable existing mail security features, including SPF, DKIM, and DMARC, to help protect end users. ![]() Note that existing mail routes will not be impacted by these changes. While admins have always had the ability to require TLS encryption for mail routes, it was previously off by default. They no longer need to wait for messages to bounce. Admins are now able to test their SMTP outbound routes’ TLS configuration in the Admin console before deployment.TLS for mail connections will now be enabled by default.However, in order to encourage more organizations to increase their email security posture, and to further the above goal of enabling TLS by default, we’ve made the following changes: ![]() Gmail already supports TLS, so that if the Simple Mail Transfer Protocol (SMTP) mail connection can be secured through TLS, it will be. The blog post also highlighted a significant goal: to enable TLS by default for our Google products and services, and to ensure that TLS works out of the box. What’s changingRecently, the Google Security blog outlined how the usage of Transport Layer Security (TLS) has grown to more than 96% of all traffic seen by a Chrome browser on Chrome OS. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |