Getting Started With Policy-Based Encryption

The Policy-based Encryption service allows customers to set up filters based on the content of a message; if a message meets the set criteria, it is encrypted. Once you have signed up for this service, all messages sent from Diligex mailboxes to external recipients are processed according to the configured policies and encrypted if required.

What happens when the email is encrypted?


  1. The sender gets a 'Your message was encrypted' email. This email has information about the encrypted message, such as subject, date and time.
  2. The recipient also gets an email from the Message Pickup Center (MPC):
    • If the recipient has not been activated in the MPC before, he or she must activate a new account in the MPC to read the encrypted message. The activation information (activation password and link) is provided in the message. To activate the account, the recipient will need to follow the activation link and enter the name and activation password. The recipient will also create a new password for the MPC.
    • If the recipient has used the Message Pickup Center (MPC) before, he or she will get a message from the MPC with the subject 'You have a new encrypted message from [sender's address]'. This email will have information about the encrypted message, such as subject, sent and expiration date, along with the link to access the encrypted message. The recipient should follow the link and enter his or her email address and password (created during activation) to log in. After that, the recipient will have access to the message.

      If the activation info was not sent or the recipient forgot the password, activation can be reset. To reset activation, the recipient should do the following:
      • Navigate to the Message Pickup Center
      • Click the 'Forgot your password?' link
      • Enter the email address of the mailbox where the encrypted message was delivered
      • A new activation email will be sent to that email address

Mailflow changes with the Policy-Based Encryption service

  1. All messages to external recipients are routed to a special gateway.
  2. At the gateway, all messages are checked according to policy settings.
  3. The gateway has a list of policies for handling messages that fall under certain conditions. Possible actions are: encrypt, send unencrypted, discard, or return to sender.
  4. If a message should be encrypted, it is routed to the Message Pickup Center. Recipients get a notification with a URL to read the message after registration.

When an email is sent from our server and Policy-based Encryption is triggered, the recipient can view and reply to the encrypted email using the Message Pickup Center in their web browser. When the recipient replies to an encrypted message through the website interface, the message is sent to Diligex servers over an encrypted connection. Intermedia servers have the appropriate software installed to decrypt the email, so the recipient won't need to use the Message Pickup Center to read it, but can instead read it using Outlook or Outlook Web App. When a desktop Outlook application connects to the Intermedia Exchange server to view email, it uses a TLS-encrypted connection, so the message cannot be intercepted by a third party.

Important: if the recipient replies to the encrypted message, it will not be encrypted automatically.


Managing Policy-Based Encryption

Policy-based Encryption is managed through a web interface. To customize Policy-based Encryption for your business's requirements, you must first create rules that will "filter" messages for specific content, such as whether a message is sent to a specific email address, includes a credit card number, or includes a spreadsheet attachment. These rules are created and maintained using the Administrative Console, a web-based tool for creating and managing encryption rules and policies.
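To show how the three rule types mentioned above can be evaluated, here is an added illustration (not the gateway's actual rule engine or anything taken from the Administrative Console). The rule names, the partner address, the spreadsheet extension list, the first-match ordering and the default action are all assumptions.

```python
import re
from dataclasses import dataclass, field

# Assumed extension list; a real policy would define its own.
SPREADSHEET_EXT = (".xls", ".xlsx", ".csv", ".ods")
# 13-19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out most digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def has_card_number(text: str) -> bool:
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            return True
    return False

@dataclass
class Message:
    recipients: list
    body: str
    attachments: list = field(default_factory=list)  # attachment file names

# (rule name, condition, action); evaluated top to bottom, first match wins.
# Hypothetical rules mirroring the three examples in the text.
POLICIES = [
    ("to-billing-partner",
     lambda m: "billing@partner.example" in m.recipients, "encrypt"),
    ("card-number", lambda m: has_card_number(m.body), "encrypt"),
    ("spreadsheet",
     lambda m: any(a.lower().endswith(SPREADSHEET_EXT) for a in m.attachments),
     "encrypt"),
]

def evaluate(msg: Message):
    """Return (action, matching rule name) for an outbound message."""
    for name, condition, action in POLICIES:
        if condition(msg):
            return action, name
    return "send unencrypted", None  # assumed default when nothing matches
```

The Luhn check matters in practice: without it, order numbers and tracking references of similar length would trigger encryption and send recipients to the pickup portal unnecessarily.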

Note: The link to the admin web interface is sent to the email address that was specified upon service installation, along with the username and password.

Important notes:

  • All messages coming through the Encrypted Mail Gateway have a 40 MB size limit. The size of the original message will increase while it is routed; therefore, the attachment size is limited to 25 MB depending on the rest of the message.
  • Policy-Based Encryption is account-wide. Messages sent from each Exchange mailbox are forwarded through the gateway.
  • All changes to the policies and other settings are made through the administrative interface.
  • Policy-Based Encryption does not require any software to be installed on the client computer. Message encryption and decryption are performed on the servers the message was routed to.

