Enhance Email Security in G Suite with TLS by Default

Transport Layer Security (TLS) is a cryptographic security protocol designed to function over computer networks. It works in conjunction with an email system to protect its privacy. To make a secure connection, both the sender and recipient must use TLS. When a secure connection can’t be made, Gmail delivers messages over the non-secure connection.

Google has added a new security feature that TLS will be enabled by default for the Google products and services to secure sending and receiving email from specific domains and email addresses.

TLS is enabled in Gmail so that the Simple Mail Transfer Protocol (SMTP) mail connection can be secured through TLS. Google has launched these following changes:

• TLS for mail connection will be enabled by default.

• As an admin, you are able to test SMTP outbound routes ‘TLS configuration’ in the Admin console before deployment. You do not need to wait for the message to bounce back.

Although admins have always had the ability to require TLS encryption for mail routes, it was previously disabled by default. Now the email routing will be impacted by this new update.

Google always recommends that admins enable existing mail security features, including SPF, DKIM, and DMARC to improve the security of end-users. Enabling TLS by default on email routing enhances the security level of end-users. While TLS default change will not impact mail routes that were previously created.

With TLS enabled by default for new email routing, all certificate validation requirements will be also enabled by default. This ensures that recipient hosts have a certificate issued for the correct host that has been signed by a trusted Certificate Authority (CA). 

You will be getting this feature in G Suite Admin Console by following steps: 

Admin Console > Apps > G Suite > Gmail > Advanced settings