Policy enforced tls, About policy enforced tls, Features and benefits – Google Message Encryption Administration Guide User Manual

Chapter 2

Policy Enforced TLS

13

Policy Enforced TLS

Chapter 2

About Policy Enforced TLS

The email security service includes Transport Layer Security (TLS) functionality
which can be applied to all mail traffic. Policy Enforced TLS expands this
functionality, by allowing domain-based control of TLS. You can use Policy
Enforced TLS to set up a custom encryption policy to send and receive for specific
domains. For instance, you could configure Policy Enforced TLS so that all mail
sent to a partner will be encrypted with TLS, and will bounce if TLS encryption is
not possible.

When you specify encryption for a specific sender or recipient, you can be sure
that these connections are always encrypted. If Policy Enforced TLS cannot
establish a TLS connection to the other server, the message will be deferred and
no mail will be sent.

Features and Benefits

Policy Enforced TLS provides the following benefits:

•

Support for Transport-Layer Security (TLS) encryption of email. Mail is
encrypted before delivery, based on your TLS settings. You can set Policy
Enforced TLS to bounce messages which cannot be encrypted, or to allow
non-secure mail transmission.

•

Ability to configure security settings separately for specific domains. You can
name specific domains which will receive additional security. Domain-based
TLS is set for each mail server separately.

•

TLS configuration for inbound and outbound mail. Policy Enforced TLS can be
configured for inbound mail and outbound mail separately.

•

Ability to verify certificates to prevent malformed certificates or domain
spoofing.

•

Ability to send alert emails to administrators when Policy Enforced TLS
bounces a message.