Encryption Getting Started

Encryption Getting Started

1.0 Introduction

We strongly recommend using the Quick Start wizard in the portal.  This wizard will guide you through the steps required for a typical deployment.  As you complete each step the wizard will monitor your progress and provide an easy to read summary of your implementation stats.  To access the Quick Start wizard, log into your management portal.  Then select Email Security > Encryption > Quick Start.

2.0 Provisioning

2.1 Schedule Implementation Planning Session

We encourage you engage our Professional Services team prior to starting your implementation.  Our engineers have a decades of expertise supporting enterprise organizations and are here to help. They can help you create an implementation plan or simply provide feedback on your existing plan.  Please contact your account team to schedule your 1-hour Implementation Planning Session.

2.2 Activate Encryption License

To activate your Trial License, log into your management portal.  Then select Encryption > Plans & Pricing.  Click Activate Trial.  Do not close your browser while the activation process is running.  The activation should take less than one minute, after which you will see additional tabs across the top.  Please contact your account team with questions or for technical assistance.  For convenience, your account team's contact information is listed at the bottom of the Plans & Pricing page.

3.0 Pre-Deployment

3.1 Create or Update SPF Record

Sender Policy Framework (SPF) is an anti-fraud technology that can detect email spoofing.  Our cloud platform fully supports SPF and block emails that attempt to spoof your domain name(s).  An SPF record is not required to use our cloud service, however, it is highly recommended. Additional information on SPF is available on the Sender Policy Framework Project website.
You can check to see if your domain already has an SPF Record using Scott Kitterman's SPF Record Testing Tool.

Creating an SPF Record
If your domain does not have an SPF record, you should create an SPF record as displayed below.
Type     Value
==============================================================
TXT      v=spf1 include:_spf.iotsecure.io -all

Modifying an SPF Record
If you domain has an existing SPF record, you can simply add the value below to your existing record.
Value
==============================================================
include:_spf.iotsecure.io

3.2 Create Outbound SMTP Firewall Rules

Add the following outbound rules to your firewall.
====================================================================
Address            Netmask (CIDR)   Netmask            Protocol/Port
====================================================================
162.220.57.160     /28              255.255.255.240    TCP/25
192.198.203.80     /28              255.255.255.240    TCP/25

3.3 Email Forwarding

Add Email Domain
  1. Login to the portal
  2. Click on E-mail Security > Encryption 
  3. Click on the Configuration tab. 
  4. Click the Add Domain button located on the right side of the page. 
  5. Complete the domain configuration details specific to your network.
Connection Preference:
  1. TLS Only - Message will be delivered through TLS connection. If remote server does not handle TLS then message will be forwarded to Encryption Portal and recipient will get email notification with URL to Encryption Portal where he can read original message.
  2. TLS, Plaintext - Message will be delivered through TLS connection. If remote server does not handle TLS then message will be delivered through non-secure connection.

Click Add
  1. Choose the method for verifying the domain then click OK
  2. An Agreement Pending window will be displayed reflecting the information you have entered.  The domain will become active once it has been validated.

3.4 Add Outbound IP Addresses

  1. Scroll down to the section labeled Networks on the Configuration page
  2. Click the Add Network button as shown above.
  3. A drop down box will appear.  Provide your e-mail server public IP address and network mask or select one of the pre-defined options.
  4. Click the Add button
  5. The new network will be submitted to Support for activation.  When the configuration page is refreshed the status will indicate the network activation is pending or it is active.  Contact Support if the network status is not active within 15 minutes.
  6. Click the Activate button below Outbound Email

3.5 Create Outbound Smarthost

Update the DNS names for the smarthost in your organization's mail configuration with the following.
  1. GSuite
  2. Intermedia
  3. Microsoft Exchange 2007and 2010
  4. Microsoft Office 365

4.0 Activate Encryption

4.1 AutoEncryption

  1. Login to the cloud portal
  2. Click on E-mail Security>Encryption. 
  3. Click on the Configuration tab
  4. Enable Auto-Encryption
  5. Enable automatic encryption for all outbound e-mail. Scroll down to the AutoEncryption box and click the Disabled button.

4.2 Subject Line Encryption

Notes
This feature has been depreciated. Please use the DLP engine instead.

4.2 EncryptedPortal

  1. Enable EncryptedPortal box.  This will enable encryption for e-mails with certain keywords in the subject.
  2. Click 'Add' button
  3. Configure Options for Encrypted Mail Portal
  4. E-mail recipients without TLS support on their organization's mail server will receive an e-mail notification to view encrypted mail from your organization on our encrypted mail portal.  You can customize the following options for these notifications.
  5. Select Name or logo under Customize Organization Name. This will determine if your organizations name or logo will be displayed in the notification e-mail.  You will need to upload your logo if this option is selected.
  6. Select the color scheme for the notification e-mail on the color wheel provided.