TLS and Salesforce Security for Emails and 'Email-to-Case'

Transport Layer Security and Email Security

Salesforce supports Transport Layer Security (TLS) on our Email Servers. Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide security and data integrity for communications over networks such as the Internet. TLS and SSL encrypt the segments of network connections at the Transport layer end-to-end.

Depending on whether the email is inbound or outbound, we will handle it a little differently.

All SMTP connections start in plain text and can be switched to TLS.

Outbound emails are sent from Salesforce to someone else. E.g. An email going to, for example user@acme.com, user@gmail.com, user@smallcompany.com, user@bigcompany.com.
For outbound emails it is up to the receiving mail server to switch the conversation to TLS, we will ask the mail server for TLS. Salesforce administrators can configure TLS settings for Outbound emails through the Setup | Deliverability menu. See Guidelines for Configuring Deliverability Settings for Emails Sent from Salesforce for further information on changing these settings.

Inbound Emails are sent to Salesforce from an external source. E.g. The On-demand Email-to-Case Agent, email-to-salesforce, email-to-apex. For example emailtosalesforce@6e567ph4mmtx3o7ji1sztcw.in.salesforce.com.
For Inbound email connections, the sending mail server has to request the conversation to be switch to TLS before we will switch the conversation to TLS. You can also review your mail server configuration settings with your IT team to determine whether rejecting plain-text emails before forwarding the rest to Salesforce is viable for your environment.

Email Relaying allows you to control how you want us to manage TLS and set preferences around how to manage the connection. Email Relaying can force the connection to use TLS or not make the connection at all.

Features that send outbound emails include(s), this is a small sample of emails:

• Email Relaying
• Workflow notification
• Event invitations
• Emails to contacts
• Task notifications
• Scheduled Dashboards and Reports

Features receiving Inbound Emails at Salesforce:

• Email-to-salesforce
• Email-to-apex
• On-Demand Email-to-Case
• Email Workflow Approvals

Note: TLS does not‌ encrypt the content of the email or attachments appended to the message; rather the session doing the transfer is encrypted.

Visit this Microsoft page for additional information, White Paper: Domain Security in Exchange 2007