function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
MarceldeBMarceldeB 

Send secure mail from apex

we use messaging.SingleEmailMessage/ messaging.SendEmail to send out mails from apex. it seems these mails are not sent 'secure'.  our customers are urgently asking for a more secure way to send the mails. any tips how to send out mails (with attachments) in a secure way (certificates?/ssl?) from salesforce apex coding?

 

Best Answer chosen by Admin (Salesforce Developers) 
Cory CowgillCory Cowgill

You can enforce TLS security ( http://en.wikipedia.org/wiki/Transport_Layer_Security ) by configuring the email deliverability settings in the setup console (Setup -> Email Administration -> Deliverability).

 

All outbound emails, whether they originate in standard SF pages, or via your Apex Code using messaging classes, will adhere to the TLS settings you configure.

 

 

All Answers

Cory CowgillCory Cowgill

You can enforce TLS security ( http://en.wikipedia.org/wiki/Transport_Layer_Security ) by configuring the email deliverability settings in the setup console (Setup -> Email Administration -> Deliverability).

 

All outbound emails, whether they originate in standard SF pages, or via your Apex Code using messaging classes, will adhere to the TLS settings you configure.

 

 

This was selected as the best answer
MarceldeBMarceldeB

Thanks for you response. Our mailsettings are the default 'preferred'. would this mean that for each mail the system checks the tls settings of the receipeints mailserver to decide wether to send the mail with tls or without? so if the customer installs tls on its mailserver, all mails we send are send in a secure way?

 

Cory CowgillCory Cowgill

Yes.

 

Preferred means Salesforce will check if the client mail system has TLS enabled, and  if it does it will send the Email encrypted using TLS. If TLS is not enabled, Salesforce will still send the email to the client unencrypted.

 

Modifying that setting will allow you to only send TLS encrypted emails, but it also means that clients may not recieve emails if they don't have TLS on their mail server.

 

Inside the Help in your Salesforce Org the options are described in detail.

Rasmus MenckeRasmus Mencke

The default behavior for Salesforce is to always try to deliver the message over TLS unless our customers explicitly choosen to send them plain text.This is an orgWide setting, and not all ISP support TLS, so I would make sure that all the domains you are sending too are supporting TLS, before moving it to required.