Secure Messaging

To meet the strictest government regulations concerning privacy and security and to protect confidential information, mx2020™ can delivery outgoing messages securely. This secure delivery can either be enabled by the user or managed by policy.

Messages are delivered securely in one of three ways:

1. TLS (Transport Layer Security)
2. SMTP over SSL
3. HTTPS Web delivery

Secure messaging is one of the multiple modules available in mx2020, which integrates all facets of messaging management—filtering, reporting, secure messaging, archiving, compliance and electronic discovery—into a single system managed by policy. This provides organizations with one place to control which messages to keep out, which messages to secure and which messages to store to find later.

Policy Management

A policy governing secure message delivery can be established by IT or by an authorized user in the organization who has been given permission by IT.

Customized Lexicons

The system uses policy to define which messages to secure. Organizations can create customized lexicons to identify those messages and attachments which need to be automatically secured, preventing the end-user from having to decide what should be secured.

Additionally, all messages from the organization to any specified recipient(s) can be automatically secured using policy.

TLS and SMTP over SSL

Transport Layer Security (TLS) and SMTP over SSL (Secure Sockets Layer) are two secure communication protocols that are widely used for securing the communication stream between two mail servers. These secure delivery methods ensure that no third party may eavesdrop or tamper with any message while traveling over the Internet. The use of TLS or SMTP over SSL is seamless to the end-user and does not require any complexities of a public/private key infrastructure.

When TLS or SMTP over SSL connections cannot be negotiated with the receiving mail system, then HTTPS Web delivery is available as a fallback secure messaging option. This ensures that a secured message never travels over the Internet in clear text.

HTTPS Web Delivery

When HTTPS Web delivery is invoked, a plain-text email is sent to the recipient with an HTTPS URL back to the secure mx2020 Web site. The plain-text message simply tells the recipient “You have a new secure message.” The recipient uses a Web browser to follow the link and then uses a pass phrase that was provided by the sender in order to read the message. The pass phrase must be communicated “out of band”; i.e., not in the same plain-text email with the secure URL.

How it Works: User-Enabled

1. A user can specify that a message be sent securely by typing the word [secure] (or another word that has been selected by the organization’s IT department when the system was configured) in the subject line.
2. Upon pressing send, the message is sent securely—via TLS, SMTP over SSL or HTTPS Web delivery.

How it Works: Policy-Driven

1. The organization creates a policy that certain information must be secured. Either IT or a policy administrator creates a set of rules that support this policy. One rule might be that any email message or attachment containing the words “company confidential” is automatically secured.
2. A user writes an email message, for example, which has a footer in an attachment that says “Company confidential.”
3. When the user sends the message, it is automatically sent securely—via TLS, SMTP over SSL or HTTPS Web delivery.

With Xecuritas mx2020, corporate compliance and security are not reliant on end-users. Policy can control which messages get delivered securely.