Yes, please make it possible to enforce TLS for specific domains only. Additional option on the Foreign SMTP document?
If I understand my customer correctly regarding the requirements by law or regulation (GDPR), it could be a first step to have an indicator that documents that a mail was sent with "TLS". A customer must prove that TLS (Transport Layer Security) is used for their domains.
RouterFallbackNonTLS=1 is the solution?
I agree with "Guest commented August 6, 2018 13:52". On the one side there are requirements by law or regulation (e.g. GDPR) to enforce TLS encryption to specific domains. On the other side several other domains are not using TLS in any way (in our environment 1/4 of externally sent mail is without TLS/SSL).
We need a way to force TLS for some domains and leave it as opportunistic for the rest of the world.
Hello Thomas, what I believe is meant here - at least this understanding of the idea is the reason why I support it: Yes, when TLS negotiation is enabled, the server should be using the strongest security available. But what if I want to make absolutely sure? I'd have to enforce TLS. When I do that, I would forbid any emailing to or from servers which may be too old or poorly maintained, for example private servers of customers (e.g. bank to customer). I would possibly lose business.
On the other hand, I might have some partners/customers etc. I could talk to in case TLS fails for some reason while sending or receiving mails.
I would like to:
Negotiate TLS for all senders and addressees I do not know well, and
Enforce TLS for all senders and addressees I can coordinate with to enhance security.
Domino does not give this option. Why not make it possible to set such an option in the documents for "Foreign SMTP domain"?
By default a new server should be using the latest / strongest security settings.
I think you mean that you wanted to specify the recipient domain? How is the recipient classified on that banking requirement: all email sent between banking institutions / all email sent to customers?
I hope it does not simply say all email correspondence going out of the company must be in TLS?
I can confirm the request. I have also met to either email via TLS or nothing.
This is what can be done today. But there are requirements in the banking sector saying, "TLS, and nothing but TLS". If TLS is not possible, then e-mail will not be delivered.
The feature should allow specifying the sending domains, of course.
I personally would rather have it downgrade gracefully if the other side somehow does not use TLS. Please bear in mind that as a company we simply cannot force the party that we correspond with to adhere to our standard.