Provide extra option of sending through TLS only (Forced TLS)
Today, Kerio provides two options for TLS:
1. No TLS
2. Opportunistic TLS: Kerio Connect uses TLS (STARTTLS) for sending/receiving emails whenever it is possible. But it is not mandatory, so the email is delivered over an unsecure connection if the TLS fails or cannot be established. Kerio falls back to normal unsecure SMTP if TLS cannot be used.
In the future, Kerio should provide 3 options for TLS:
1. No TLS
2. Opportunistic TLS
3. Forced TLS: For each domain, the administrator can define a set of partner-domains for which only TLS-encrypted mail is possible. If Kerio detects an unsecure connection for such a partner-domain, it will not send the mail but alert the user. If the user sends to another domain, the system works in the opportunistic TLS mode.
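The difference between the opportunistic and forced modes requested above, as an added Python example (not Kerio Connect code and not part of the original request). The names `negotiate`, `TLSRequiredError`, `FakeSession` and the domain `bank.example` are hypothetical, and verifying the peer certificate with the default context is an assumption the request does not spell out.

```python
import smtplib
import ssl

class TLSRequiredError(Exception):
    """A forced-TLS partner domain could not be reached over TLS."""

def negotiate(session, rcpt_domain, forced_domains, context=None):
    """Decide the transport for one already-connected SMTP session.

    Returns "tls" or "plaintext"; raises TLSRequiredError instead of
    downgrading when rcpt_domain is in forced_domains.
    """
    forced = rcpt_domain.lower().rstrip(".") in forced_domains
    context = context or ssl.create_default_context()  # assumption: verify peer cert
    session.ehlo()
    reason = "server did not advertise STARTTLS"
    if session.has_extn("starttls"):
        try:
            session.starttls(context=context)
            session.ehlo()  # re-read capabilities inside the TLS channel
            return "tls"
        except (smtplib.SMTPException, ssl.SSLError) as exc:
            reason = f"STARTTLS failed: {exc}"
    if forced:
        raise TLSRequiredError(f"{rcpt_domain}: {reason}; message not sent")
    return "plaintext"  # opportunistic fallback (caller reconnects if needed)

class FakeSession:
    """Constructed stand-in for smtplib.SMTP so the example runs offline."""
    def __init__(self, offers_starttls, handshake_ok=True):
        self.offers_starttls, self.handshake_ok = offers_starttls, handshake_ok
    def ehlo(self):
        return (250, b"ok")
    def has_extn(self, name):
        return name == "starttls" and self.offers_starttls
    def starttls(self, context=None):
        if not self.handshake_ok:
            raise ssl.SSLError("certificate verify failed")

def outcome(session, domain, forced=frozenset({"bank.example"})):
    """Demo helper: map the negotiated transport or the refusal to a string."""
    try:
        return negotiate(session, domain, forced)
    except TLSRequiredError:
        return "refused"

if __name__ == "__main__":
    for dom in ("bank.example", "other.example"):
        print(dom, outcome(FakeSession(offers_starttls=False), dom))
```

A server that stops advertising STARTTLS, or a failed handshake, yields a refusal for the forced partner domain and a plaintext fallback for every other domain.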
Fernand Jonker commented
Yes, our banks are starting to require this for communication in Canada.
Jeroen Keerl commented
Especially the financial sector is making heavy use of this feature to ensure compliance with PCI-DSS and / or ISO27001. If Kerio wants to compete with other mail server companies, this should be implemented asap. Exchange, Communigate, Sendmail and Postfix all support this.