Mail encryption endpoints overview
PGP and Password encryption is not available in FIPS mode. If your
What's a mail encryption endpoint?
A mail encryption endpoint is a package of encryption settings that are specific to one or more recipient email addresses. An endpoint can apply to a single email address, an address list, or a domain.
The endpoint tells the
Where are encryption endpoints used?
You configure policy routes and policy content rules to specify that an email message must be delivered using encryption endpoints:
- Mail policy route
  You enable encryption by changing the default delivery action.
- Mail policy content rule
  You enable encryption by changing the delivery disposal action.
How many endpoints do I need?
If encryption is enabled on a mail policy route, then mail from a sender and/or to a recipient for that route is encrypted. For example, you can encrypt mail sent from Anyone to My Company, or from a designated address list to a designated address list. You need to create encryption endpoints that match all of those recipients.
For example, one message could have recipients that match different endpoints such that one is encrypted using S/MIME, one signed with PGP, and one sent unencrypted. This is known as message splitting.
If no valid endpoint is found for at least one of the message recipients, encryption fails.
Which endpoint is used?
The
For example, you could have an endpoint for all users in the My Company address list that does not encrypt their email messages, and higher-priority entries for individual users who need encryption to be applied to their email messages.
If an endpoint is found that cannot be used (because the key is expired, for example), encryption fails.
To catch any recipients that don’t match another endpoint, define a "fallback" endpoint that does not sign or encrypt at the end of the list of endpoints.
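The selection and message-splitting rules above, modeled as an added Python example (not the product's own code). It assumes endpoints are evaluated in list order with the first match winning; the Endpoint class, the wildcard pattern syntax, and the sample addresses are hypothetical.

```python
from dataclasses import dataclass
from datetime import date
from fnmatch import fnmatchcase
from typing import Optional

@dataclass
class Endpoint:                      # hypothetical model, not the product's schema
    pattern: str                     # address or domain pattern, e.g. "*@partner.example"
    method: str                      # "smime", "pgp-sign" or "none"
    key_expires: Optional[date] = None   # None means no key is needed

class EncryptionFailed(Exception):
    pass

def resolve(recipient, endpoints, today):
    """Return the first endpoint, in list order, that matches the recipient."""
    for ep in endpoints:
        if fnmatchcase(recipient.lower(), ep.pattern.lower()):
            # A matched endpoint that cannot be used fails the encryption;
            # evaluation does not fall through to lower-priority entries.
            if ep.key_expires is not None and ep.key_expires < today:
                raise EncryptionFailed(f"{recipient}: key expired for {ep.pattern}")
            return ep
    raise EncryptionFailed(f"{recipient}: no endpoint matches")

def split_message(recipients, endpoints, today):
    """Group recipients by delivery method; one failure fails the whole message."""
    groups = {}
    for rcpt in recipients:
        method = resolve(rcpt, endpoints, today).method
        groups.setdefault(method, []).append(rcpt)
    return groups

# Constructed sample list: highest priority first, fallback last.
ENDPOINTS = [
    Endpoint("alice@partner.example", "smime", date(2030, 1, 1)),
    Endpoint("bob@partner.example", "pgp-sign", date(2020, 1, 1)),   # expired key
    Endpoint("*@partner.example", "pgp-sign", date(2030, 1, 1)),
    Endpoint("*", "none"),           # fallback: does not sign or encrypt
]
TODAY = date(2025, 1, 1)             # constructed evaluation date
```

Walking a recipient list through a model like this before deployment shows which addresses would reach the fallback and be delivered unencrypted, and which would fail on an expired key.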