Features and benefits, How policy enforced tls works, Inbound policy enforced tls mail flow – Google Message Security for Google Apps Administration Guide User Manual
Features and Benefits
Policy Enforced TLS provides the following benefits:
• Support for Transport Layer Security (TLS) encryption of email. Mail is encrypted before delivery, based on your TLS settings. You can set Policy Enforced TLS to bounce messages which cannot be encrypted, or to allow non-secure mail transmission.
• Ability to configure security settings separately for specific domains. You can name specific domains which will receive additional security. Domain-based TLS is set for each mail server separately.
• TLS configuration for inbound and outbound mail. Policy Enforced TLS can be configured for inbound mail and outbound mail separately.
• Ability to verify certificates to prevent malformed certificates or domain spoofing.
• Ability to send alert emails to administrators when Policy Enforced TLS bounces a message.
How Policy Enforced TLS Works
The following is an overview of the data flow of Policy Enforced TLS. Policy Enforced
TLS handles inbound and outbound mail flow separately.
Inbound Policy Enforced TLS Mail Flow
If you have Policy Enforced TLS enabled for inbound mail, specify a list of sending
domains. Mail from these domains will be encrypted, while other domains use
your normal TLS rules.
For inbound mail traffic, the email protection service acts as a proxy between the
sending server and Google Apps Mail. Inbound messages are received through
two separate SMTP connections. The first connection is from the sending server to
the email protection service. The second connection is from the email protection
service to Google Apps Mail.
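Because an inbound message crosses two separate SMTP connections, an administrator can audit a delivered message's Received headers to confirm that each hop was encrypted. The following is an added example, not code from the guide or the product. It assumes both receiving servers stamp the RFC 3848 "with" keywords (ESMTPS and related), that the envelope sender appears in Return-Path, and it uses constructed hostnames and headers; a hop that does not record a TLS keyword is reported as unencrypted.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# RFC 3848 "with" keywords that record a hop as having used STARTTLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

# Constructed sample: hop 1 (sender -> protection service) used TLS,
# hop 2 (protection service -> mail host) did not. All hostnames are made up.
SAMPLE = (
    "Return-Path: <alice@partner.example>\n"
    "Received: from inbound.filter.example (inbound.filter.example [192.0.2.10])\n"
    "\tby mail.recipient.example with ESMTP id def456;\n"
    "\tMon, 01 Jan 2024 10:00:02 +0000\n"
    "Received: from mail.partner.example (mail.partner.example [198.51.100.7])\n"
    "\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n"
    "\tby inbound.filter.example with ESMTPS id abc123;\n"
    "\tMon, 01 Jan 2024 10:00:01 +0000\n"
    "Subject: constructed sample\n\nbody\n"
)

def strip_comments(value):
    """Unfold a header and drop (nested) comments, which can contain 'with'."""
    value = " ".join(value.split())
    while (stripped := re.sub(r"\([^()]*\)", "", value)) != value:
        value = stripped
    return value

def clause(keyword, text):
    """First token after a Received clause keyword such as from/by/with."""
    match = re.search(rf"\b{keyword}\s+([^\s;]+)", text)
    return match.group(1) if match else "?"

def audit_hops(raw_message):
    """Return (from_host, by_host, protocol, encrypted) per hop, oldest first."""
    hops = []
    for header in reversed(message_from_string(raw_message).get_all("Received", [])):
        text = strip_comments(header)
        proto = clause("with", text).upper()
        hops.append((clause("from", text), clause("by", text), proto, proto in TLS_PROTOCOLS))
    return hops

def unencrypted_hops(raw_message, enforced_domains):
    """Hops lacking TLS when the envelope sender (Return-Path, an assumption) is enforced."""
    sender = parseaddr(message_from_string(raw_message).get("Return-Path", ""))[1]
    if sender.rpartition("@")[2].lower() not in enforced_domains:
        return []
    return [hop for hop in audit_hops(raw_message) if not hop[3]]
```

Calling `unencrypted_hops(SAMPLE, {"partner.example"})` flags the second connection, which is the hop from the protection service to the mail host in the constructed sample.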