
Inbound Symantec Encryption Management Server Web Email Protection messages are not classified as Confidential or Private


Article ID: 162636


Products

Encryption Management Server

Issue/Introduction

When a Symantec Encryption Management Server Web Email Protection user composes and sends a message to an Internal user or another Web Email Protection user, the message is not classified with a Sensitivity level of Confidential or Private. Therefore, any reply to that message is not, by default, sent securely.

The very fact that a user chooses to send a Web Email Protection message rather than simply sending the message using their standard email client strongly implies that they want the message to have a Sensitivity level of Confidential or Private.

Cause

If a message with a Sensitivity level set is sent by an Internal user to a Web Email Protection user, the Sensitivity level is retained when the Web Email Protection user replies.

However, there is no facility for a Web Email Protection user to compose a message with a Sensitivity level. Therefore, messages they compose are sent without a Sensitivity level. This means that if an Internal user or other Web Email Protection user replies, the message is not sent securely.

Resolution

Add a Mail rule to add a Sensitivity setting of Confidential to all inbound Web Email Protection messages.

To do this in Symantec Encryption Management Server 3.3.2:

  1. In the administration console, click on Mail / Mail Policy.
  2. Click on the Outbound policy chain.
  3. Click on the Add Rule... button.
  4. Enter a name for the new rule, e.g., Set inbound WEP messages to Confidential.
  5. Optionally, enter a description of the rule, e.g., Gives all inbound Web Email Protection messages a Sensitivity setting of Confidential providing they do not already have a Sensitivity setting.
  6. Set the first Condition as: Service type is Symantec Web Email Protection
  7. Click on the + Add Condition button to add a Condition
  8. Set the new Condition as: Recipient domain is in dictionary Managed Domains
  9. Click on the + Add Group button to add a new group of conditions.
  10. In the Condition Group drop down list select: If none of the following are true
  11. Set the first Condition as: Message header Sensitivity is Company-Confidential
  12. Select the Condition Group and click on the + Add Condition button to add a Condition.
  13. Set the second Condition as: Message header Sensitivity is Private
  14. Click on the Actions button.
  15. Select the following action: Add message header
  16. Enter the header Name as: Sensitivity
  17. Enter the header Value as: Company-Confidential
  18. Enable the option: Replace existing message headers with the same name
  19. Click on the Save button to save the rule.
  20. The rule will be listed at the end of the Outbound Policy Chain. Change its rule number to 1 so that it moves to the top of the chain.

The rule Conditions appear as follows:

[Screenshot: Set inbound WEP messages to Confidential conditions]

The rule Actions appear as follows:

[Screenshot: Set inbound WEP messages to Confidential actions]

With the new rule in place, the following occurs:

  • When a Web Email Protection user composes a message, that message will have a Sensitivity level of Confidential applied.
  • If a Web Email Protection user replies to a message that already had a Sensitivity level of Confidential, the Sensitivity level of Confidential will be retained.
  • If a Web Email Protection user replies to a message that already had a Sensitivity level of Private, the Sensitivity level of Private will be retained.
  • If a Web Email Protection user replies to a message that already had a Sensitivity level of Personal, the Sensitivity level of Personal will be replaced with a Sensitivity level of Confidential. This is necessary because messages with a Sensitivity level of Personal are not, by default, sent securely.
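
The rule's decision logic, modelled in Python to check the four outcomes above. This is an added example, not Symantec's code or part of the original article. The managed domain `example.com`, the function names, the sample addresses and the case-insensitive header comparison are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from typing import Optional

# Assumptions for this model (not taken from the product):
MANAGED_DOMAINS = {"example.com"}  # stands in for the Managed Domains dictionary
WEP_SERVICE = "Symantec Web Email Protection"
RETAINED = {"company-confidential", "private"}  # the "none of the following" group


def apply_rule(raw_message: str, service_type: str) -> Optional[str]:
    """Return the Sensitivity header value after the rule has been evaluated."""
    msg = message_from_string(raw_message)
    current = msg.get("Sensitivity")

    # Conditions 1 and 2: WEP service type and a recipient in a managed domain.
    domain = parseaddr(msg.get("To", ""))[1].rpartition("@")[2].lower()
    if service_type != WEP_SERVICE or domain not in MANAGED_DOMAINS:
        return current

    # Condition group "If none of the following are true": the rule does not
    # fire when the header is already Company-Confidential or Private.
    if current is not None and current.strip().lower() in RETAINED:
        return current

    # Action: add the header, replacing existing headers with the same name.
    del msg["Sensitivity"]
    msg["Sensitivity"] = "Company-Confidential"
    return msg["Sensitivity"]


def build(to: str, sensitivity: Optional[str]) -> str:
    """Construct a minimal sample message (constructed test data)."""
    headers = ["From: wep.user@partner.example", f"To: {to}", "Subject: test"]
    if sensitivity:
        headers.append(f"Sensitivity: {sensitivity}")
    return "\n".join(headers) + "\n\nbody\n"


if __name__ == "__main__":
    for existing in (None, "Company-Confidential", "Private", "Personal"):
        result = apply_rule(build("alice@example.com", existing), WEP_SERVICE)
        print(f"{existing!s:22} -> {result}")
```
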
