Quarantined messages, Authentication and certificates – Google Message Security for Google Apps Administration Guide User Manual
4. Google Apps Mail sends certificate information (including the public key for
   encryption) to the message security service.
5. The sending server encrypts and delivers the message to the message
   security service.
6. The message is decrypted, processed for viruses, and filtered based on junk
   mail settings and email policies (such as message attachments and content
   type). Other than the initial decryption, filtering is identical to normal filtering.
7. The message is encrypted again and delivered to Google Apps Mail via TLS.
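To confirm from a delivered message that the hops in steps 5 and 7 ran over TLS, the following added example (not part of the original guide or the product) parses the Received trace headers. It assumes each relay records the transport in the "with" clause as defined in RFC 3848 (ESMTPS means STARTTLS was used); the host names and the sample message are constructed placeholders.

```python
import re
from email import message_from_string

# "with" keywords that mean the hop used STARTTLS (RFC 3848, RFC 6531).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}
COMMENT_RE = re.compile(r"\([^()]*\)")
BY_RE = re.compile(r"\bby\s+([^\s;]+)", re.I)
WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9]+)", re.I)

def strip_comments(value):
    """Remove (possibly nested) parenthesised comments such as '(... with cipher ...)'."""
    previous = None
    while previous != value:
        previous, value = value, COMMENT_RE.sub(" ", value)
    return " ".join(value.split())  # also unfolds continuation lines

def hop_report(raw_message):
    """Return [(receiving_host, protocol, used_tls)] ordered from first hop to last."""
    hops = []
    received = message_from_string(raw_message).get_all("Received", [])
    for value in reversed(received):  # each relay prepends, so the oldest hop is last
        flat = strip_comments(value)
        by, proto = BY_RE.search(flat), WITH_RE.search(flat)
        protocol = proto.group(1).upper() if proto else "UNKNOWN"
        hops.append((by.group(1).lower() if by else "unknown", protocol,
                     protocol in TLS_PROTOCOLS))
    return hops

def cleartext_hops(raw_message, required_hosts):
    """Hosts in required_hosts with no TLS receipt recorded (cleartext or missing)."""
    secured = {host for host, _, used_tls in hop_report(raw_message) if used_tls}
    return sorted(set(required_hosts) - secured)

# Constructed sample message; every host name is a hypothetical placeholder.
SAMPLE = """\
Received: from filter.msgsec.example by mx.apps-mail.example
 with ESMTPS id ABC123; Mon, 01 Jan 2024 10:00:02 +0000
Received: from mail.sender.example (mail.sender.example [192.0.2.10])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 by filter.msgsec.example with ESMTPS id DEF456; Mon, 01 Jan 2024 10:00:01 +0000
Received: from desk.sender.example by mail.sender.example
 with ESMTP id GHI789; Mon, 01 Jan 2024 10:00:00 +0000
From: alice@sender.example
To: bob@apps-mail.example
Subject: constructed sample

body
"""
```

Only Received lines added by servers you control are trustworthy; lines claimed by earlier relays can be forged by the sender.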
As noted above, messages are decrypted in memory for virus and junk mail
processing. In some instances, mail delivered via TLS is stored unencrypted:
Quarantined Messages
Quarantined messages are stored unencrypted in our secure network, and then
delivered encrypted to Google Apps Mail when delivered from the Message
Center. Both the quarantine summary message links and the Message Center
allow users to display the messages in a browser by unencrypted HTTP.
If your company’s security policy does not allow users to view any messages
without encryption, you can disable the display of messages by turning off
message links. See “Configuring the Quarantine Summary” on page 160 for
information on how to do this.
Authentication and Certificates
Following is a description of certificate processing in incoming TLS mail
transactions.
1. TLS traffic is delivered to the message security service using
   authority-signed certificates.
   When the message security service processes your incoming messages, the
   sending mail server receives an SSL certificate that references a mail server
   managed by the message security service.
   It is possible to employ encryption up to the 256-bit level (the highest level
   commercially available).
2. TLS traffic delivered from the message security service to Google Apps
   Email is encrypted using your certificate.