Advanced Encryption Policy

You can configure domain-specific policies for email encryption. The "Incoming" and "Outgoing" options described below refer to mail that is received and sent by the Email Appliance, not mail that is received and sent by the network.

To configure a policy for a domain:

  1. In the Domain name text box, enter the domain name to which you wish to send and\or receive encrypted email.
    Note
    Email encryption must be turned on, and a valid domain name must be entered. If encryption if turned on, but nothing is configured in the Advanced Encryption Policy section, the appliance with attempt encryption for all incoming and outgoing domains.
  2. Select Yes to apply the policy to any sub-domains, or No to apply the policy to only one specific domain.
  3. Select the level of encryption:

    The following encryption levels are available:

    Note
    Prevent Encryption is not an option for Incoming domains.
    • Attempt Encryption: The Email Appliance will attempt, but not require, encryption for incoming or outgoing mail.
    • Prevent Encryption: The Email Appliance will not encrypt incoming or outgoing email, even if the receiving server is TLS-capable.
    • Require Encryption: The Email Appliance will not receive or send email unless the connecting server is TLS-capable. The Email Appliance will not require the connecting server to have a valid certificate.
    • Require Encryption and Validate Certificate: The Email Appliance will not send or receive email unless the connecting server is TLS-capable, and has a valid certificate.
  4. Click Add.
    The policy is added to the list of outbound encryption policies.