When encryption services apply – Google Message Encryption Administration Guide User Manual

12

Postini Encryption Services Administration Guide

When Encryption Services Apply

Policy Enforced TLS applies to all inbound mail received from designated
domains, and all outbound mail sent to designated domains. For each your
inbound and outbound email configs, you can designate domains that require TLS
connections, and optionally certificate validation.

Message Encryption applies to outbound messages. For a group of users or an
individual, you can enable Message Encryption for all outbound messages or only
outbound messages with a specific header. Also, you can set up Content
Manager filters to trigger Message Encryption based on content in the message
header or body.

How Policy Enforced TLS and Message Encryption Interact

Message Encryption currently takes precedence over all TLS connections, except
for Policy Enforced TLS.

When you send an outbound message, Policy Enforced TLS takes precedence
over Message Encryption. If a message is sent to a domain listed in Policy
Enforced TLS, the message will be sent via TLS if possible. If the message cannot
be sent via TLS, the message fails. It is not sent to Message Encryption.

This means all messages are always delivered directly to trusted partners' mail
servers, and recipients in domains you specify are not prompted to access
messages via the Message Encryption Secure Portal or Inbox Delivery.

Note:

This applies to Release 6.12 and later. In earlier versions of the service,

Message Encryption took precedence over all forms of TLS, including Policy
Enforced TLS.