CheckTLS Outlook Add-In Design
How It Works
When you click the Send button in Outlook, the Add-In automatically pops up. It finds all of the unique domains in your list of TO:, CC:, and BCC: addresses and then tests each of them for TLS.
If A Domain Fails
If any domain fails, meaning the email would be sent in plain text, the Add-In stops and asks whether you want to send the message anyway, go back and change it (to remove the offending addressee or remove any confidential information), or cancel (delete) the message.
If All Domains Are OK
If all the domains are OK, the pop-up disappears and Outlook sends the message.
If Some Domains Are OK and Some Are Not
The Add-In displays just the insecure domains so you can decide what to do.
While the Add-In is checking domains and the pop-up is visible, you can interrupt it and send the email, change it, or delete it. This is useful if an email has many addressees and you know after just a few domains that the email is OK or that you need to change it.
To speed up the test even more, the Add-In lets you list domains that the test can skip, either because you know they are secure (like your own domains) or because you don't care whether emails to them are encrypted.
You can host a config file that lets you tune the Add-In. It allows you to set the allowed versions of TLS, cipher suites, certificates, and timeouts, and to link to a web page you host with usage and support instructions for your users.
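The send-time flow described above, sketched as an added example (this is not CheckTLS's code). `check_tls` is a hypothetical callback standing in for the CheckTLS test, and the function names, addresses and results are constructed for illustration.

```python
from email.utils import parseaddr

def unique_domains(*recipient_lists):
    """Distinct recipient domains, lowercased, in first-seen order."""
    seen = {}
    for recipients in recipient_lists:
        for entry in recipients:
            _name, addr = parseaddr(entry)          # drops any display name
            local, at, domain = addr.rpartition("@")
            if at and local and domain:
                seen.setdefault(domain.lower().rstrip("."), None)
    return list(seen)

def review_before_send(to, cc, bcc, check_tls, skip=()):
    """Return (action, insecure, errors); action is "send" or "ask".

    check_tls(domain) is a hypothetical callback: True if mail to the domain
    would use TLS, False if it would go in plain text. It may raise when the
    test service cannot be reached.
    """
    skipped = {d.lower() for d in skip}
    insecure, errors = [], []
    for domain in unique_domains(to, cc, bcc):
        if domain in skipped:
            continue                                 # trusted or don't-care
        try:
            if not check_tls(domain):
                insecure.append(domain)
        except Exception as exc:                     # test service failure
            errors.append((domain, str(exc)))
    # Any failure or error goes to the user; only a clean run sends unprompted.
    return ("ask" if insecure or errors else "send"), insecure, errors

# Constructed sample data (not real test results).
SAMPLE_RESULTS = {"example.com": True, "partner.example": True,
                  "legacy.example": False}

if __name__ == "__main__":
    print(review_before_send(
        ["Alice <alice@Example.com>", "bob@example.com"],
        ["carol@partner.example"],
        ["dave@legacy.example", "erin@OURCO.example"],
        SAMPLE_RESULTS.__getitem__, skip=["ourco.example"]))
```

Matching the skip list case-insensitively keeps a trusted domain from being re-tested just because a recipient typed it in a different case.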
Only Works With Outlook on Windows
Today the Add-In only works with Outlook on a PC. Microsoft does not yet have all the functionality we need to implement the Add-In in their broader O365 add-in framework that works with Outlook (PC, Mac, smart phone), Exchange, and O365 online.
Speed vs Security
By default, the Add-In uses the CheckTLS QUICK option to test just the first MX host, which is the same one your mailer will use. The QUICK option only takes a few seconds, as opposed to the full CheckTLS Test Receiver that looks at all the MX hosts. A configuration parameter lets you use the full test if security is worth a few more seconds to you.
What If Something Goes Wrong?
The Add-In is designed to get out of the way if anything goes wrong. It will either disappear completely, or display a warning and allow the email to send.
What If the Add-In Fails?
If the Add-In fails to start or initialize correctly, Microsoft automatically disables it. Microsoft also disables any Add-In that is too slow.
If the Add-In fails or crashes while testing an email, the email remains saved as a draft. If the Add-In continues to fail, you can uninstall it and send the message normally.
What If the CheckTLS Servers Fail?
The Add-In displays an error message and gives the user the normal choices (cancel, delete, send) for what to do with the email.
Could the Add-In Change the Email?
No. The Add-In does not look at or touch the contents of the email.