Postmaster info


JCloud mailservers


To send mail to JCloud receivers, some receiving services at JCloud require that the sending email address is valid and reachable.



2018-08-01 Notice about GDPR and changes to TLS-encryption

When an email is sent using TLS/encryption, the communication should be considered secure. If not, there is no reason to use encryption as it creates a false trust that could cause serious privacy concerns.

The TLS standard support several encryption/digest algorithms and handshakes. Several algorithms were previously considered secure, but with todays knowledge and hardware capabilities they are no longer secure.

Unsecure algorithms have many times been deprecated over time. Since august 2018 there was another round of such deprecation.

This deprecation comes due to various requirements from multiple sources, including GDPR, OpenPeppol AS2/AS4, PCI compliancy and best practise.
JCloud are legally unable to permit unsecure TLS-communication.

Starting from august 2018, the following minimum security is required


In other words, the following is deprecated

TLS version 1.2 was adopted in 2008, so if your system do not support this version you most likely have critical security issues.
More info about TLS security at https://english.ncsc.nl/publications/publications/2021/january/19/it-security-guidelines-for-transport-layer-security-2.1


2020-03-10 Notice about strict TLS enforcement

Some of our services will require TLS when delivering mail. If the receiver does not support TLS or the TLS certificate is invalid, the email will no longer be delivered.
Note that this enforcement is not enabled for our ordinary end-users sending mail.
Some of our existing users may have configured TLS-requirements regardless of this change.
Strict TLS is the only way to send mail securely. Many providers today use opportunistic TLS. This method is however even more unsecure than non-encrypted mail because the user may believe the mail communication is encrypted, but it is trivial to trick the system to disable it at any time. A user therefore might use the system for highly sensitive content while the email was in fact sent non-encrypted.



2023-10-03 EC certificates and missing trust validation

It has come to our attention that some providers do not support EC certificates (rfc5480); A standard from 2009. Upon request we may use RSA certificates.
Some providers also do not validate the certificate trust chain, nor support SNI, nor validate the CN (Common Name) in the certificate.
This is in violation with minimum security.