Shorten NDR for failed 'Forced TLS'
When using 'Forced TLS' and a partner misconfigures the TLS on their end, our users will not notice until 2 days later with the NDR, and that is way too long a time.
Please inform on sent emails that require 'Forced TLS' that fail immediately, or at least within some hours (...to make up for a change window). 2 days is too long and can have a big impact on business.
Ryan Blake commented
Even better would be to give instant feedback in the Outlook desktop, mobile, and web app for all domains being emailed as to whether TLS is supported or not. For users who use SMTP, an instant NDR would be needed so both methods should be supported.
Duncan Arnold commented
This issue is also causing my organisation pain. As the original poster has already alluded, email that you must send securely is often time sensitive; to not receive an NDR back for 48 hours could introduce significant risk around safeguarding cases. The risk around using an opportunistic rule is also not acceptable, as this could lead to sensitive email content being transmitted unencrypted. It should be straightforward to determine that a connection with the recipient service was established but a TLS session was not negotiated, at which point the NDR should be instantaneous.
Iain Stark commented
Can't agree strongly enough with this. We have to use TLS1.2 with our partners and we need to know immediately if there is an issue with the sending. Having to wait 48 hours before the NDR is far too long given there is no notification at all that it has been deferred.
Kim Sørensen commented
It is vital to let the end user know if their mail has failed because of forced TLS. This must be informed ASAP, so they can send it another way!