1 min read

Paubox eliminates email security risks for expired and self-signed SSL certificates

Picture of Hoala Greevy Hoala Greevy November 18, 2025

From the founder Paubox news
Paubox eliminates email security risks for expired and self-signed SSL certificates

Earlier this year we published a report detailing how Google Workspace allows obsolete versions of TLS to be used when sending email. The report also detailed a litany of scenarios in which Microsoft 365 customers send unencrypted email over the internet. Both are potential HIPAA violations.

Back in 2021, we led the way for email security in healthcare by eliminating support for obsolete TLS protocols on our platform.

In other words, steps we took over four years ago to secure email on the internet are still being ignored by Google and Microsoft.

We are therefore pleased to announce we've taken another step forward in HIPAA compliant email- we eliminated support for expired and self-signed SSL certificates. 

This post explains what we did, what changed, and plans going forward.

 

What did we do?

In a nutshell, our patented approach for HIPAA compliant email is making sure obsolete or non-existent encryption protocols are never used.

In other words, if a Paubox customer sends an email to recipient whose mail system does not use TLS encryption, or if the system only supports obsolete versions of TLS, the email message and any attachments are automatically converted to the Paubox Secure Message Center (SMC).

Keeping with that logic, if a recipient's mail system has TLS encryption configured with a self-signed SSL certificate, we now automatically convert the message to the Paubox SMC.

If a recipient's mail system has an expired SSL cert, the message (and any attachments) is also converted to the Paubox SMC.

 

What's changed?

Here's a list of SSL certificate scenarios and how Paubox supports them:

  • Self-signed SSL certificate: Not supported, message converted to Secure Message Center
  • Expired SSL cert: Not supported, message converted to Secure Message Center
  • Valid SSL cert: Supported, message sent via seamless TLS.

 

How much does it cost?

There is no additional charge to take advantage of this rollout.

 

Plans going forward

The work we do around HIPAA compliant email is important. As the internet continues its maturation, we continue to lead the way in future email security improvements.
Send PHI securely—No portals required. The all-in-one email security suite for healthcare. HIPAA compliant email with Google and Microsoft.

Subscribe to Paubox Weekly

Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.