Understand how TLS works and the different TLS policies available.
Email encryption is crucial for protecting sensitive information.
Resend already supports TLS 1.2, TLS 1.1 and TLS 1.0 to help you secure your email communication. But now, you can also customize the TLS policy for your emails.
There are two types of TLS configurations available: Opportunistic TLS and Enforced TLS.
You can update the TLS configuration directly from the Resend Dashboard.
Or you can use the Resend API. Here's an example using the Node.js SDK:
Opportunistic TLS means that Resend always attempts to make a secure connection to the receiving mail server.
If the receiving server does not support TLS, Resend falls back to sending the message unencrypted.
Enforced TLS means that the email communication must use TLS no matter what.
If the receiving server does not support TLS, the email will not be sent.
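The difference between the two policies can be modelled at the point where a sending server reads the receiver's SMTP EHLO reply and looks for the STARTTLS extension. This is an added example, not Resend's code or part of the original post: `parseEhlo`, `decideDelivery`, the `tlsHandshakeOk` flag and the sample replies are constructed, and falling back to plaintext after a failed handshake is an assumption about opportunistic behaviour.

```javascript
// Added example: models the sender-side decision, not Resend's implementation.
// Policy names mirror the two configurations described above.

// Constructed sample EHLO replies (not captured from real servers).
const MODERN = '250-mx.example.net\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME\r\n';
const LEGACY = '250-mail.example.org\r\n250-SIZE 10240000\r\n250 8BITMIME\r\n';

// Parse a multi-line SMTP EHLO reply into a set of extension keywords.
function parseEhlo(reply) {
  const caps = new Set();
  const lines = reply.split(/\r?\n/).filter((l) => l.length > 0);
  lines.forEach((line, i) => {
    const m = /^250([ -])(.*)$/.exec(line);
    if (!m) throw new Error(`unexpected EHLO reply line: ${line}`);
    // The first line carries the server's domain, not an extension.
    if (i > 0) caps.add(m[2].trim().split(/\s+/)[0].toUpperCase());
  });
  return caps;
}

// Decide what the sender does next under each TLS policy.
// tlsHandshakeOk is a constructed flag standing in for the handshake result.
function decideDelivery(policy, ehloReply, tlsHandshakeOk = true) {
  if (policy !== 'opportunistic' && policy !== 'enforced') {
    throw new Error(`unknown TLS policy: ${policy}`);
  }
  const offersTls = parseEhlo(ehloReply).has('STARTTLS');
  if (offersTls && tlsHandshakeOk) return { action: 'send', encrypted: true };
  if (policy === 'enforced') {
    // Enforced: no encrypted channel means the message is not sent.
    const reason = offersTls ? 'TLS handshake failed' : 'STARTTLS not offered';
    return { action: 'bounce', encrypted: false, reason };
  }
  // Opportunistic: delivery wins, whatever the reason TLS is unavailable.
  return { action: 'send', encrypted: false };
}

for (const policy of ['opportunistic', 'enforced']) {
  for (const [name, reply] of [['modern', MODERN], ['legacy', LEGACY]]) {
    console.log(policy, name, JSON.stringify(decideDelivery(policy, reply)));
  }
}
```

Only the legacy receiver produces different outcomes: plaintext delivery under the opportunistic policy, a bounce under the enforced one.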
One strategy is not necessarily better than the other.
The decision is less about one option being safe and the other being unsafe, and more about one option being safe and the other being safer.
When you have Enforced TLS enabled, you might see an increase in bounce rates because some outdated mail servers do not support TLS.
So it's important to understand the different use cases for each configuration. If you're sending sensitive information like authentication emails, you might want to use Enforced TLS. If you're sending marketing emails, you might want to use Opportunistic TLS.
In simple terms, with Opportunistic TLS, delivery is more important than security. On the other hand, with Enforced TLS, security is more important than delivery.
This is a fairly advanced feature, but it can be useful to customize the security of your email communication.
If you want to learn more about how to configure TLS, check the API documentation.