AFAIK Outlook is using POP/IMAP protocol to access mails in Office 365. I occasionally have seen instructions for 3rd product integrations with Office 365 that required configuration of mail routing rules so that messages are forwarded to security devices (for instance SMTP proxies where the mail is inspected and sent back to Office 365). I guess that the protocol used to send the email to the security device is SMTP, but how can I know whether the connection between Office 365 --> SMTP Proxy --> Office 365 is actually encrypted?

1 Answer
AFAIK Outlook is using POP/IMAP protocol to access mails in Office 365.
Ah. No? Yeah. No. It is NOT using POP/IMAP to sync Outlook.
Outlook uses a proprietary protocol that also handles other things that none of those standards do.
but how can I know whether the connection between Office 365 --> SMTP Proxy --> Office 365 is actually encrypted?
It is not because it is not SMTP, unless you talk of 2 different organizations. Exchange server - the technology behind - is smart enough that SMTP is not used when sending emails in the same environment. As SMTP is not used, the question is moot.
THAT SAID: between different environments (and I do not know whether O365 is one environment or multiple - it is one for a customer, but it is a LOT of customers) SMTP may be used - then without encryption, but that is standard on the internet. Emails you send to gmail or any other company are also not encrypted.

- Okay got it. But when I need to send the e-mail out to a cloud-based provider for content inspection, that would use plain SMTP, right? – cyzczy Aug 15 '19 at 14:21
- @cyzczy If you use a product like a third-party antispam product on top of O365, usually the email would flow encrypted in TLS to it – yagmoth555 Aug 15 '19 at 14:26
- Generally - emails on the internet using SMTP are not encrypted. If you need security, send encrypted emails (which the third party provider then actually cannot parse). Is this a security issue? Bet on it - but SMTP is ancient. 3rd party providers MAY at least mitigate this by integrating properly into O365 - i.e. the traffic does not have to leave at least Microsoft ;) Takes off a lot of security issues not to cross the internet (and between MS installations you use encrypted lines). – TomTom Aug 15 '19 at 14:29
- But if I enforce SMTP over TLS between my mail server and the receiving server, the connection is encrypted, right? – cyzczy Aug 19 '19 at 09:27
- Between your servers and the receiving servers - most of which may not even accept SMTP over TLS, you know. – TomTom Aug 19 '19 at 09:53
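
One way to check the question asked above (was each hop of Office 365 --> SMTP proxy --> Office 365 encrypted?) is to read the `Received` headers of a delivered message, since each receiving server records how it accepted the mail. This is an added example, not part of the original posts; the host names, addresses and header lines are constructed, and the function name `tls_per_hop` is hypothetical.

```python
import re
from email import message_from_string

# Constructed sample: headers for a message routed out to a hypothetical
# inspection proxy (proxy.example.net) and back. Newest hop is on top.
SAMPLE = """\
Received: from proxy.example.net (203.0.113.10) by
 inbound.example-tenant.test (10.0.0.5) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1;
 Thu, 15 Aug 2019 14:30:03 +0000
Received: from outbound.example-tenant.test (198.51.100.7)
 by proxy.example.net (Postfix) with ESMTP id 4A1B2C3D;
 Thu, 15 Aug 2019 14:30:02 +0000
Received: from client.example-tenant.test (10.0.0.9) by
 outbound.example-tenant.test (10.0.0.4) with ESMTPS id abc123
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384);
 Thu, 15 Aug 2019 14:30:01 +0000
Subject: constructed test message

body
"""

# TLS evidence a receiving MTA may record: an RFC 3848 "with" keyword
# ending in S/SA (ESMTPS, ESMTPSA, ...), or an explicit TLS version note.
WITH_TLS = re.compile(r"\bwith\s+(?:UTF8)?(?:E?SMTP|LMTP)SA?\b", re.I)
TLS_NOTE = re.compile(r"\b(?:version=|using\s+)(TLS[\w.]+)", re.I)
HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.I | re.S)

def tls_per_hop(raw_message):
    """Return [(from_host, by_host, tls_info_or_None)], oldest hop first."""
    msg = message_from_string(raw_message)
    hops = []
    for header in reversed(msg.get_all("Received", [])):
        text = " ".join(header.split())          # unfold continuation lines
        m = HOP.search(text)
        src, dst = (m.group(1), m.group(2)) if m else ("?", "?")
        note = TLS_NOTE.search(text)
        if note:
            tls = note.group(1)
        elif WITH_TLS.search(text):
            tls = "TLS (version not recorded)"
        else:
            tls = None                           # no TLS evidence for this hop
        hops.append((src, dst, tls))
    return hops

if __name__ == "__main__":
    for src, dst, tls in tls_per_hop(SAMPLE):
        print(f"{src} -> {dst}: {tls or 'NO TLS RECORDED'}")
```

Only the headers written by servers you control are reliable evidence, because any earlier hop can insert or alter the `Received` lines below its own.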