Forcepoint email encryption

The Forcepoint Email Encryption option enables the email hybrid service to perform message encryption on outbound messages. Forcepoint email encryption is available only if your subscription includes the Forcepoint Email Security Hybrid Module and the Forcepoint Email Security - Encryption Module, and if the email hybrid service is registered and enabled.

You can also specify Forcepoint Email Encryption as a backup encryption method if mandatory TLS encryption is selected. See Mandatory Transport Layer Security encryption.

When an email DLP policy identifies an outbound message for encryption, the message is sent to the email hybrid service via a TLS connection. If the secure connection cannot be established, the message is placed in a delayed message queue for a later delivery attempt.

The SMTP server addresses used to route email to the email hybrid service for encryption are configured during the Forcepoint Email Security Hybrid Module registration process. Use the Delivery Route page under Settings > Hybrid Service > Hybrid Configuration to add outbound SMTP server addresses (see Define delivery routes).

If the email hybrid service detects spam or a virus in an encrypted outbound message, the mail is returned to the message sender.

The email hybrid service attempts to decrypt inbound encrypted mail and adds an x-header to the message to indicate whether the decryption operation succeeded. Message analysis is performed regardless of whether message decryption is successful.

The hybrid service does not encrypt inbound or internal mail. When the email hybrid service is used, the DLP policy must be modified so that it designates only outbound messages for encryption.

See Forcepoint Email Security Message Encryption for more information.