Emails are traditionally sent via the unencrypted SMTP protocol. Later, transport encryption via TLS was added as an extension. This means that the contents cannot be viewed by third parties during transmission. dotplex supports TLS encryption and, with the DANE standard, also enables guaranteed secure connections with other mail servers that support DANE.
Unfortunately though, there are still many email servers on the internet that do not offer TLS encryption at all or only use insecure protocols and algorithms. Therefore, our mail servers at dotplex also accept unencrypted transmitted emails and transmit emails unencrypted to servers that do not support TLS. This is an intentional decision, because smooth mail traffic is important to most of our customers. The connection between your mail client and the dotplex servers is always securely encrypted.
However, dotplex also offers you the option of using mandatory encryption. Mails are then only exchanged with other servers if they support TLS 1.2 or TLS 1.3 with secure ciphers.
Mandatory TLS for incoming mails
With this setting, you will no longer be able to receive mails from some senders. The senders may receive an error message that they do not understand. You will not be informed about lost mails. We are also unable to restore them, deliver them subsequently or offer support for them.
Mandatory TLS encryption for incoming mails can only be activated for a complete domain, not for individual accounts.
If your domain is hosted by dotplex and we also manage the DNS records, just send us a short mail. We will then activate mandatory TLS encryption for you free of charge.
If you manage your DNS records yourself, change the MX record as follows:
Subdomain | Type | Priority | Value |
---|---|---|---|
@ | MX | 10 | securemx.dotplex.com. |
Mandatory TLS for outgoing mails
With this setting you will no longer be able to send mails to some recipients. If the recipients' mail server does not support secure encryption, you will receive a warning from the dotplex mail server after about an hour that the mail could not yet be delivered. The dotplex mail server will attempt delivery for another 23 hours and then send you a final error message (bounce). There is nothing we can do about this, nor can we offer support. Your options are then to deactivate the mandatory TLS encryption for outgoing mails or to contact the recipients by other means.
Mandatory TLS encryption for outgoing mails can be activated either for complete domains or individual mail accounts.
Soon you will be able to configure this yourself in the dotplex Dashboard. Until then, just send us a short email. We will then activate mandatory TLS encryption for you free of charge.