Reply
Frequent Advisor
taekwanleap
Posts: 47
Registered: ‎Wed 29-Jun-2011
0
Accepted Solution

Encrypted Email to Multiple Recipients and Encrypting All Outbound Email

I have 2 questions.

 

1.  What happens if a user sends an email to multiple email recipients they encrypt?  Will each email recipient be allowed to create their own account to open/view the encrypted email?  Or does encrypted email need to be sent on a one-to-one basis?

 

2.  Can you set the ES100 to encrypt all outbound email whether it needs it or not?

 

Answers and advice appreciated especially on question 2.  Not saying I would do this but was curious.


Thanks!

VIP
Erric
Posts: 47
Registered: ‎Wed 25-Nov-2009
0

Re: Encrypted Email to Multiple Recipients and Encrypting All Outbound Email

Hi there,

 

So about #2, there are a couple of things to consider. I'm not speaking directly to the ES100, but to mail servers in general:

 

A. You can encrypt the transport of SMTP with TLS. So communications between Company X and Company Z are not (usually) susceptible to a third party.

 

B. Each sender decides on their own to encrypt any given message. Usually this requires the sender and recpient to agree on a means of encryption they both have access to. For example PGP / Entrust / MS Exchange certificates.

 

The issue with A. is that not everyone runs their SMTP system this way. Mine personally will Try TLS, and fall back to plain SMTP if no one is talking TLS. Also, once a site receives a message, it's likely no longer protected since TLS is only about the transport.

 

The issue with B is that for most clients, it's cumbersome and if you manage to get an enitre site to agree on one program, chances are very good that communications to external clients won't be viable because the have chosen an incompatible encrption program.

 

Now, about the appliance, it sounds like Sophos has solved option B? It sounds like when someone receives an encrypted e-mail from this appliance, they are given a way to read it, even if they do not have the same appliance / mail system?

 

Erric

Frequent Advisor
taekwanleap
Posts: 47
Registered: ‎Wed 29-Jun-2011
0

Re: Encrypted Email to Multiple Recipients and Encrypting All Outbound Email

We are currently use SPX encryption not TLS.

 

I should have clarified that in my original post.

 

So if I send an encrypted email using SPX encryption to multiple recipients - what happens?  Will the appliance send a separate registration link to each email recipient?  Or does sending an SPX encrypted email need to be a one-to-one ratio?

 

And, can you encrypt all outbound email using a rule or policy on the appliance where SPX encryption gets applied to all outbound email?  Again, not saying I would do this but curious if it could be done and thoughts about it.

Employee
JasonWong
Posts: 98
Registered: ‎Mon 23-Nov-2009
0

Re: Encrypted Email to Multiple Recipients and Encrypting All Outbound Email

Hi,

 

To answer your encryption questions, yes all recipients in a multi-recipient message will have their own password if the SPX template was set to require the recipient to create one.

 

As for requiring SPX on all outbound messages, yes same principle applies, you choose encrypt message with SPX as the main action.  Although, depending on the traffic and number of appliances, this may not be the ideal situation unless you absolutely require every single piece of mail to be encrypted.  This can add a delay for users to receive mail messages.

 

-Jason

For our other self-service and peer-to-peer online support systems:

Frequent Advisor
taekwanleap
Posts: 47
Registered: ‎Wed 29-Jun-2011
0

Re: Encrypted Email to Multiple Recipients and Encrypting All Outbound Email

Jason,

 

Thanks for the reply.  I performed a test sending an encrypted email to multiple recipients and it worked perfectly.

 

As far as encrypting all outbound email.  It was something someone here asked me why don't we just do that instead of letting the end user selectively choose whether or not to encrypt an outbound email.

 

I have my own personal reservations for not doing this which includes the very things you pointed out as well.

 

Thanks for posting.