Mailingwork supports TLS versions 1.0, 1.1, and 1.2 for email delivery. The highest encryption level supported by the receiving email server is automatically used.
By default, Mailingwork sends the email unencrypted in this case. However, it is possible to set up forced TLS encryption for your account. In this case, emails will only be delivered to servers that support TLS. For servers without TLS support, delivery will be aborted and a bounce (undeliverability notification) will be generated.
The setting for forced TLS encryption can be activated for your account by Mailingwork staff. Please contact our Customer Service for this.
Since September 2020, Mailingwork has been operating an SSL proxy for website communication that works exclusively with the secure protocols TLS 1.2 and TLS 1.3. This affects the encryption of web access, such as to your landing pages or when clicking on links in a mailing.
To use the SSL proxy, you need to set a CNAME entry for your sending or redirect domain to "ingress.sendnode.com". Alternatively, you can also set up an A record with the IP address 185.98.186.254.
You can either provide your own SSL certificates or use free Let's Encrypt certificates that we set up for you. Let's Encrypt certificates are automatically renewed every 90 days.
When using a certificate ordered through Mailingwork, a key length of 4096 bits is used. Through the implemented cipher suites and an HSTS header with a validity of 2 years, Mailingwork offers you security appropriate to the current state of the art.