Internet email is transmitted in clear text by default and is therefore insecure. As soon as a message leaves your internal network, anyone positioned between the sending system and the destination can read it in transit. The likelihood of such an attack is low, but when you are dealing with sensitive data, any risk that can be avoided should be. Transport Layer Security (TLS), built into Microsoft Exchange, is one method of protecting this data stream.
TLS encrypts the email data stream coming from or going to your email server, so the stream is unintelligible to anyone listening in on the communication. To use it, you need a certificate installed on your email system (see the next article on certificates). With TLS enabled, when you send an email your mail system negotiates the connection settings with the receiver's mail system and then transmits the message. The email is not encrypted on the servers themselves, only during transport between them. For an email to be transmitted over TLS, both parties need TLS enabled on their email systems. You can configure your email system to try TLS first and, if that fails, fall back to a connection without TLS.

For this reason, once you have TLS configured on your email system we recommend informing clients and other organizations you communicate with regularly of the change, and suggesting that they enable it on their side as well. We believe the extra security provided by configuring TLS on your mail system is worth the effort. In addition to doing your part to secure your communications, using TLS also serves as notice to clients that you have their privacy in mind.
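The "try TLS first, otherwise fall back" behaviour described above is what decides whether a given message actually travels encrypted. The following added example (not from the original article or from Microsoft Exchange) models that decision: it parses the capability list a receiving server returns to the sending server's EHLO command, then shows how an opportunistic policy silently drops to clear text when the other side has not enabled TLS, whereas a mandatory policy holds the mail instead. The server names and EHLO replies are constructed for the example.

```python
"""Model of opportunistic versus mandatory STARTTLS delivery decisions.

Constructed example: the EHLO replies and host names below are made up.
The fallback behaviour modelled here is the opportunistic policy the
article describes; real mail servers expose it as a configuration choice.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class TlsOutcome:
    encrypted: bool   # did the session get upgraded with STARTTLS?
    delivered: bool   # was the message handed over at all?
    reason: str


def parse_ehlo(response: str) -> set[str]:
    """Return the upper-cased keywords a server advertises in its EHLO reply.

    The first line is the greeting ('250-host Hello'); every later line is
    '250-KEYWORD ...' or, for the last one, '250 KEYWORD ...'.
    """
    lines = [ln for ln in response.splitlines() if ln.strip()]
    caps = set()
    for line in lines[1:]:
        if len(line) < 4 or not line.startswith("250") or line[3] not in "- ":
            raise ValueError(f"malformed EHLO line: {line!r}")
        caps.add(line[4:].split()[0].upper())
    return caps


def decide(response: str, require_tls: bool, handshake_ok: bool = True) -> TlsOutcome:
    """Decide what the sending server does with a message for this peer.

    require_tls=False is the opportunistic policy from the article: encrypt
    when the peer offers STARTTLS, otherwise send in clear text.
    require_tls=True refuses to send unless the session is encrypted.
    """
    if "STARTTLS" not in parse_ehlo(response):
        if require_tls:
            return TlsOutcome(False, False, "peer offers no STARTTLS; message held")
        return TlsOutcome(False, True, "peer offers no STARTTLS; sent in clear text")
    if not handshake_ok:
        if require_tls:
            return TlsOutcome(False, False, "TLS handshake failed; message held")
        return TlsOutcome(False, True, "TLS handshake failed; resent in clear text")
    return TlsOutcome(True, True, "STARTTLS negotiated; encrypted between servers")


# Constructed EHLO replies: one peer has TLS enabled, the other does not.
EHLO_WITH_TLS = "250-mail.example.net Hello\r\n250-SIZE 52428800\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
EHLO_NO_TLS = "250-legacy.example.org Hello\r\n250-SIZE 10240000\r\n250 8BITMIME\r\n"

if __name__ == "__main__":
    for name, reply in (("mail.example.net", EHLO_WITH_TLS), ("legacy.example.org", EHLO_NO_TLS)):
        for policy in (False, True):
            r = decide(reply, require_tls=policy)
            print(f"{name:20} require_tls={policy!s:5} -> {r.reason}")
```

Running the block prints one line per peer and policy; the clear-text fallback for legacy.example.org is exactly the case in which telling a partner to enable TLS on their side changes the outcome.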