Mandatory TLS

As with opportunistic TLS, an encrypted data transfer occurs when the TLS handshake process is successful. Unlike opportunistic TLS, if the handshake fails during the connection attempt, the connection is terminated and no transfer occurs. The message is placed in a delayed message queue for a later delivery attempt. The message delivery retry interval is configured on the page Settings > Inbound/Outbound > Non-Delivery Options.

Mandatory TLS is used for the following encryption options:
  • TLS connection encryption
  • Email hybrid service advanced email encryption

These features are enabled and configured on the page Settings > Inbound/Outbound > Encryption. To use Forcepoint Email Encryption, your product subscription must include both the Forcepoint Email Security Hybrid Module and the Forcepoint Email Security - Encryption Module.

Backup encryption options may be selected if you use default TLS encryption. You can designate Forcepoint Email Encryption, a third-party application, or secure messaging as a backup method in case the TLS connection fails. Specifying a backup option gives you a second opportunity for encryption if the TLS connection is unsuccessful. If both the TLS and backup connections fail, the message is sent to a delayed message queue for a later connection attempt.
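
The delivery behavior described above (TLS required, optional backup method, delayed queue), sketched as an added Python example using the standard smtplib client; it is not Forcepoint code and does not reflect the product's implementation. The function name, the delayed_queue structure, the backup callable, the smtp_factory parameter, port 25 and strict certificate verification are all assumptions made for illustration.

```python
import smtplib
import ssl
from collections import deque

delayed_queue = deque()  # hypothetical stand-in for the delayed message queue


def deliver_mandatory_tls(host, sender, rcpt, message, backup=None,
                          smtp_factory=smtplib.SMTP):
    """Return 'sent-tls', 'sent-backup' or 'delayed'; never send in cleartext."""
    ctx = ssl.create_default_context()  # assumption: verify certificate and host name
    smtp = None
    try:
        smtp = smtp_factory(host, 25, timeout=30)
        smtp.ehlo()
        # Raises SMTPNotSupportedError if STARTTLS is not offered and
        # ssl.SSLError if the handshake fails; both are OSError subclasses.
        smtp.starttls(context=ctx)
        smtp.ehlo()  # re-identify over the encrypted channel
    except OSError as exc:
        if smtp is not None:
            smtp.close()  # terminate the connection: nothing is transferred
        reason = f"TLS failed: {type(exc).__name__}"
    else:
        try:
            # Errors here are delivery errors, not TLS failures, so they propagate.
            smtp.sendmail(sender, [rcpt], message)
            smtp.quit()
            return "sent-tls"
        finally:
            smtp.close()
    if backup is not None:
        try:
            backup(sender, rcpt, message)  # hypothetical backup encryption method
            return "sent-backup"
        except Exception as exc:
            reason += f"; backup failed: {type(exc).__name__}"
    # Both attempts failed (or no backup configured): hold for a later retry.
    delayed_queue.append({"host": host, "rcpt": rcpt,
                          "message": message, "reason": reason})
    return "delayed"
```

The point to notice is that no code path reaches sendmail unless starttls has completed, which is what separates mandatory from opportunistic TLS.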