How Paubox securely delivers email when a mail server's certificate fails

Paubox automatically encrypts every outbound email using TLS (Transport Layer Security) 1.2 or higher. TLS ensures that messages are encrypted while traveling between mail servers, keeping your communications secure and HIPAA compliant.

However, in some cases, the recipient’s mail server may have issues with its security certificate, which means Paubox can't safely deliver mail with TLS.

This article explains how Paubox handles those situations to ensure your messages remain protected and delivered successfully.

When the recipient's mail server can't be trusted

Paubox verifies the recipient’s mail server certificate before establishing a TLS connection. If the certificate cannot be trusted, Paubox will not send the message using that connection.

Common reasons a certificate may not be trusted include:

• Expired certificate: The certificate’s validity period has ended and is no longer considered secure

• Self-signed certificate: The certificate was not issued by a trusted Certificate Authority (CA)

How Paubox handles these cases

When Paubox detects any of these issues, we automatically switch to sending the email via the Secure Message Center. 

This process ensures that the message is never sent over an insecure channel, even when the recipient’s mail server cannot be trusted.