
Policy enforced tls – Google Message Encryption Administration Guide User Manual

Postini Encryption Services Administration Guide

The protocol uses cryptography to provide endpoint authentication and
communications privacy over the Internet. TLS is the email equivalent of HTTPS
for web communications and has similar strengths and weaknesses.

The key features of TLS are:

Message encryption
TLS uses Public Key Infrastructure (PKI) to encrypt messages from mail
server to mail server. This encryption makes it more difficult for hackers to
intercept and read messages.

Authentication
TLS supports the use of digital certificates to authenticate the receiving
servers. Any certificate is supported, including self-signed certificates.
Authentication of sending servers is not always necessary in TLS. This
process verifies that the receivers (or senders) are who they say they are,
which helps to prevent spoofing. Advanced options include the ability to verify
proper certificate form, domain names, and certificate authority.

Organizations that have a dedicated outbound gateway that handles only TLS
traffic can utilize the Mandatory TLS option. This feature, when activated, will
monitor the TLS handshake inbound and outbound and only allow message
transmission when the TLS handshake is successful. Notification to the sender
occurs in real time if the message cannot be delivered.

For a full description of how TLS works, including key exchange information, see
Transport Layer Security for Inbound Mail in the Email Security Service
Administration Guide.

Policy Enforced TLS

Policy Enforced TLS enables organizations to identify the domain names of
gateways that require inbound and outbound message traffic to travel via a TLS
connection.

Policy Enforced TLS is enabled and configured in the Administration Console,
under TLS settings. If you have Policy Enforced TLS, you can add specific
domains for special treatment.

Key features of Policy Enforced TLS are:

Compatibility with standard TLS settings

Ability to handle important domains separately

Ability to guarantee encrypted traffic and to bounce messages if encryption is
not possible.

Policy Enforced TLS is set for an email config organization.
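
The following is an added example, not taken from this guide or from the product: a Python sketch of the sender-side decision that per-domain TLS enforcement implies. The domain table, the function names and the plaintext fallback for unlisted domains are assumptions, and the EHLO replies are constructed samples.

```python
from dataclasses import dataclass

# Hypothetical policy table (assumption): recipient domains that must use TLS.
ENFORCED_DOMAINS = {"partner.example", "bank.example"}

# Constructed EHLO replies for illustration; not captured from a real server.
EHLO_WITH_TLS = "250-mx.partner.example\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME"
EHLO_NO_TLS = "250-mx.partner.example\r\n250-SIZE 35882577\r\n250 8BITMIME"


@dataclass
class Decision:
    action: str  # "deliver_tls", "deliver_plain" or "bounce"
    reason: str


def advertises_starttls(ehlo_reply: str) -> bool:
    """Return True if a multi-line 250 EHLO reply lists the STARTTLS keyword."""
    for line in ehlo_reply.splitlines():
        # Reply lines are "250-KEYWORD [params]", or "250 KEYWORD" on the last line.
        if len(line) > 4 and line[:3] == "250" and line[3] in "- ":
            words = line[4:].split()
            if words and words[0].upper() == "STARTTLS":
                return True
    return False


def decide(recipient_domain: str, ehlo_reply: str, handshake_ok: bool) -> Decision:
    """Choose delivery for one message from the policy, the peer's offer and the handshake."""
    enforced = recipient_domain.lower().rstrip(".") in ENFORCED_DOMAINS
    offered = advertises_starttls(ehlo_reply)
    if offered and handshake_ok:
        return Decision("deliver_tls", "TLS session established")
    problem = "TLS handshake failed" if offered else "peer did not offer STARTTLS"
    if enforced:
        # Enforced domain: never fall back to plaintext; return the message to the sender.
        return Decision("bounce", problem + "; policy requires TLS")
    # Unlisted domain (assumed opportunistic): plaintext fallback is permitted.
    return Decision("deliver_plain", problem + "; no policy for domain")


if __name__ == "__main__":
    for domain, reply, ok in [("partner.example", EHLO_WITH_TLS, True),
                              ("partner.example", EHLO_NO_TLS, False),
                              ("other.example", EHLO_NO_TLS, False)]:
        print(domain, decide(domain, reply, ok))
```

The second sample shows what enforcement adds over opportunistic TLS: when the STARTTLS offer is missing from the reply, a listed domain gets a bounce instead of a silent plaintext delivery.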