How to Check/Test TLS Encryption is Used to Secure Emails
Jump to related articles:
System Administrator's Guide HomepageRevamp Your IT Infrastructure to Support Quarantine Telework/Work from HomeBlock Malicious Ad Servers with HOSTS FileData Backup Strategy for a Comprehensive Disaster Recovery PlanPrevent Data Exfiltration by Disabling Data Transfer on USB PortsNetwork Attached Storage - An Easy Solution for Secure File Server You Can Setup in One DayFile Encryption with 7-Zip File ArchiverEnforced TLS Encryption for Secure EmailHow to Check if an Email Message was Encrypted with TLS By Analyzing Message HeadersHow to Check/Test TLS Encryption is Used to Secure EmailsViewing and Analyzing an Email Message HeaderNetwork Printer and Copier Security Best PracticesSecure your Mobile Endpoints with Microsoft 365 Mobile Device PolicySimple Physical Security Controls to Secure Your NetworkSecure your data on-the-go with Apricorn Aegis Padlock self-encrypting USB hard drivesSimple Steps to Secure Your Wireless Network
Table of Content
- Overview
- Test TLS Using CheckTLS.com
- Test TLS Using Microsoft 365 Exchange Online Validation Tool
- What if the Validation Fails?
- Analyzing the Message Header
Back to Top
Overview
In the article Enforced TLS Encryption for Secure Email, we described what TLS encryption is, its importance in safeguarding email messages, and how to configure Microsoft 365 Exchange Online to employ it. But how do you verify that TLS is being used and more importantly, if enforced TLS is required, how do you ensure an email server honors that. In this article, we'll go over a few ways you can verify if your emails are sent securely using free online tools or manual inspection.
Back to Top
Test TLS Using CheckTLS.com
A popular online tool to verify secure email is www.checktls.com. Their free service provides you with the ability to:
- test if a recipient email server support TLS and enforced TLS
- test if your email server is sending message using TLS, and if it can do so if it is enforced
Back to Top
Test TLS Using Microsoft 365 Exchange Online Validation Tool
If you subscribe to Microsoft 365 and you have enforced (required) TLS Exchange connectors created to your business partners and vendors, you can use the built-in validation tool to make sure it works as expected. Follow the steps below to validate an existing connector.
- Login to Microsoft 365 as an administrator.
- Click on the waffle icon on the top-left and select Admin to go to the Admin Center.
- On the left sidebar, expand Admin Centers and select Exchange to go to the Exchange Admin Center.
- Click on Mail Flow on the left sidebar, then click on the Connectors tab. This will show a list of connectors you have in your specific organization.
- Highlight the connector you want to test. The connector will need to be FROM your organization TO your third-party domain or IP.
- On the right pane, click on the Validate this connector link, as highlighted below.
- In the dialog box that appears, select (or add) an email address to the recipient's domain, then clickValidate. This step will send a test email to the recipient using the specific configuration defined in your mailflow connector. This step typically takes a minute and will display a progress indicator, as depicted below, of its progress.
For the recipient, they will receive a test email from Microsoft 365. There is not action the recipient needs to take in the validation process. This test email will look similar to the one illustrated below.
If the connection validates successfully, you will see a message similar to the one shown below with a status of "Succeeded".
- Click Finish to close the dialog box.
Back to Top
What if the Validation Fails?
If your Microsoft 365 connector validation fails, there are a few things to look at to troubleshoot:
- Verify your connector settings - Particularly if this is a newly created connector, you want to review the configuration settings to make sure they are defined correctly. If this is a connector that have existed for some time, then the issue may not be with your connector but with your business partner. But for good measure, you'll want to verify your configuration settings anyway.
- Verify the test email is valid - Make sure the test email address you are using is still valid. Perhaps the email no longer exist. You'll want to reach out to your business partner to have them provide you with a valid working email address that you can use in the validation.
- Verify partner's email server - Get in contact with your business partner to have them review their email server configuration. Perhaps their was a system upgrade or a configuration change that affected the use of TLS encryption between your two organizations.
Back to Top
Analyzing the Message Header
If you have an email message that you need to identify if it was sent securely, you can analyze the email message header. The message header contains a variety of information, including whether encryption was used. We have a dedicated article on how to check if your email was encrypted with TLS.
Back to Top
Suggestion
SSL/TLS Under Lock and Key: A Guide to Understanding SSL/TLS Cryptography
Suggestion
Phishing Dark Waters: The Offensive and Defensive Sides of Malicious E-mails
Suggestion
Securing Office 365: Masterminding MDM and Compliance in the Cloud
Suggestion
Phishing Dark Waters: The Offensive and Defensive Sides of Malicious E-mails
