Email Encryption Setup

  1. Email Services
  2. Email Encryption
  3. Email Encryption Setup

Email encryption is easy to set up with Greenview Data's hosted encryption. Depending on how fast these steps are completed, encryption is ready within 2 days.

Sign Up For Email Encryption

If you are already a Greenview Data customer, just submit a support ticket requesting the Encryption service. We will have a few quick questions about your infrastructure (how many users, IP address of your mail server, etc.) and your needs for filtering (HIPAA, Financial terms, SSNs, etc.).

If you are not a customer yet, it's just as easy! All you have to do is Sign Up Now and we'll walk you through the process.

Configure Encryption MX Records

Create MX records for a subdomain called zixvpm.<Your Domain> when they are supplied to you by our support staff.

These MX records are for a subdomain, not your main domain.

If you are an existing ZixGateway customer, these MX records will initially point to your existing ZixGateway, or whatever exists on the "zivpm.<Your Domain>" subdomain. By changing them, you're only introducing us as a relay before your existing ZixGateway. This means that you'll just have an additional "hop" in front of your existing ZixGateway, which will still do the decrypting of the messages until it gets de-activated in Step 3.

If you are not an existing ZixGateway customer, these MX records will never be queried, and will not impact your mail flow at all.

Configuration of our Encryption Service

Answer a brief questionnaire including your mail server's IP address(es), and what filters you'd like enabled. For reference, here is the questionnaire:

  1. Please confirm you have logged in to your account and used the Email Diagnostics to ensure that all the tests pass.
  2. Fill out your Incoming and Outgoing information. The "Incoming" can be a host name, for instance: mail.example.com, but the "Outgoing" must be an IP addresses.
  3. Specific information you're interested in encrypting, the stricter the filtering the more likely some messages will be unnecessarily encrypted.
    • Protected health information (HIPAA)
    • Personal financial information
    • Credit card numbers
    • Social Security numbers
    • State based privacy laws (MA, NV)
    • All of the above
  4. Configure users on the domain that are going to use the service.

If you have an existing ZixGateway, our support staff will walk you through decommissioning its keys and re-activating the service right before Step 4. If timed correctly this step will have minimal impact on your mail flow.

Mail Server Configuration For Encryption

When prompted by our staff, you can set a smart host on your mail server to relay mail through our encryption gateways.

It is possible to encrypt the email traffic for a select group of users, instead of enable email encryption for all of your users. A send connector would need to be created to point to our outbound smart-host cluster. Once configured, we are able to separate your users email and only encrypt email sent from a specific list of users. i.e. you can choose to have email encryption services for 5 users instead of everyone at your domain.

links to Exchange 2003, Exchange 2007, Exchange 2010, Exchange 2013, Exchange 2016, Office 365 and Google Apps mail server configurations.

Optional Encryption Configurations

Optional encryption configurations some clients my find useful:

Include our servers in your domain's SPF records as provided by our staff in the support ticket

Create SPF records for your domain. Although the MX records above are in a subdomain called zivpm.<Your Domain>", the SPF/TXT records should be in your main domain's zone. Your TXT records will include all of our outbound servers, using three "include" statements.

For instance, include: 

<example-tld>.spf-a.smtp25.com include:<example-tld>.spf-b.smtp25.com include:<example-tld>.spf-c.smtp25.com

Use TLS/SSL certificates

Although this step is optional, it cannot be stressed enough how important it is. Since the email messages are not encrypted by our service until they reach our servers, messages will leave your infrastructure in clear text unless you secure your transmission to us. Self-signed certs will work fine, and most servers include functionality to generate them (Exchange 2007/2010 do by default).

Related Encryption Articles and Guides

24/7 Live Support

Our technical support team is also available 24/7/365 via phone, chat, email or by opening a ticket through your account to help with any Zix Encryption questions. Contact us anytime. We're always here. 24/7/365.

Retrieved from "https://www.greenviewdata.com/mediawiki/index.php?title=Email_Encryption_Setup&oldid=4193"