Open with table of contents

Email encryption overview

The Email Gateway helps you to set up email encryption policies based on either policy routes or policy content rules:

• Mail policy routes
  Who is the message going to?
• Mail policy content rules
  Is there content in the message such as confidential material or a particular file type?

Email encryption technologies

Email messages can be encrypted using key (S/MIME or PGP) encryption, password encryption, or TLS encryption.

Email signing

Email messages can be signed using S/MIME or PGP keys. The private key of a person is used to digitally sign a message so that the sender or recipient can prove that the message has not been tampered with by the time that it is received.

Signing messages provides the following benefits:

• Authentication
  Proof that the message sender is who they claim to be
• Non-repudiation
  Proof that what is in the message is what the sender wrote

Exchange encrypted email with external partners

To allow external partners to send encrypted email to your organization, you can supply S/MIME or PGP keys by using Mail Initiated Key Exchange (MIKE). This process allows an external partner to request keys directly by email, and an internal user in your organization to forward keys to an external partner by email. Depending on the request and available keys, an external partner will receive your organization's public keys in the form of email attachments.

Tell me about...

• Mail policy routes: encryption and decryption policy
• Enable encryption on a mail policy route
• Encrypt email using mail policy content rules

How do I...

• Choose an encryption technology?

  See Choose an encryption technology.

• Set up email encryption?

  See Set up email encryption.

• Define an automatic mail signing endpoint?

  See Define an automatic mail signing endpoint.

• Exchange encrypted email with external partners?

  See Share keys with external partners.