Messages sent from Web Email Protection users to internal users are not encrypted

Article ID: 218026


Products

  • Gateway Email Encryption
  • Gateway Email Encryption Powered by PGP Technology
  • Encryption Management Server
  • Encryption Management Server Powered by PGP Technology
  • Desktop Email Encryption
  • Desktop Email Encryption, Powered by PGP Technology

Issue/Introduction

When an Encryption Management Server Web Email Protection user sends a message to an internal user, the message is not encrypted.

This occurs because, by default, messages from Web Email Protection users are treated as Outbound.

In the Encryption Management Server administration console, under Mail / Mail Policy there is an Outbound policy chain.

One of the rules near the top of the Outbound policy chain is:

No Encryption for Regular Internal Users

The Conditions for that rule are:

If all of the following are true:

  • Recipient domain is in dictionary Managed Domains
  • Recipient key mode is Server Key Mode (SKM)

And none of the following are true:

  • Application is external Symantec Encryption Desktop

In many environments, this rule is matched when a Web Email Protection user sends a message to an internal user, so the message is sent unencrypted.

Environment

Symantec Encryption Management Server 3.4.2 and above.

Resolution

If an internal user does not have Desktop Email Encryption installed, they will not be able to decrypt messages. Therefore the rule No Encryption for Regular Internal Users is necessary for such users.

If all internal users have Desktop Email Encryption installed, this rule can be disabled. The message will then be encrypted if any of the conditions in the rule named Always Encrypt Sensitive Messages are matched. By default, the conditions are:

If all of the following are true:

  • Message subject contains [PGP]
  • Message header Sensitivity is Company-Confidential
  • Message header Sensitivity is Private

To disable the rule from the Encryption Management Server administration console:

  1. Navigate to Mail / Mail Policy.
  2. Click on the Outbound policy chain.
  3. Click on the rule No Encryption for Regular Internal Users.
  4. Click on the check box next to This rule is enabled. It will change to This rule is disabled.
  5. Click the Save button.

Alternatively, a rule can be added that encrypts messages to internal users who are members of a particular Consumer Policy. For example, all users with Desktop Email Encryption may be members of a particular consumer policy. The conditions for such a rule might be:

If all of the following are true:

  • Service type is Symantec Web Email Protection
  • Recipient consumer policy is Desktop Email
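
The rule interaction described above, as a simplified Python model added here for illustration (it is not Symantec's policy engine and not code from this article). It assumes the chain stops at the first matching rule and that the added rule is placed ahead of No Encryption for Regular Internal Users; the field names, the added rule's name and the sample message values are constructed.

```python
from dataclasses import dataclass, field

MANAGED_DOMAINS = {"example.com"}          # constructed dictionary contents
WEP = "Symantec Web Email Protection"

@dataclass
class Message:                             # hypothetical field names
    recipient_domain: str
    recipient_key_mode: str
    application: str
    service_type: str
    recipient_consumer_policy: str

@dataclass
class Rule:
    name: str
    action: str
    all_of: list                           # "If all of the following are true"
    none_of: list = field(default_factory=list)  # "And none of the following"
    enabled: bool = True

    def matches(self, m):
        return (self.enabled and all(c(m) for c in self.all_of)
                and not any(c(m) for c in self.none_of))

def no_encryption_rule(enabled=True):
    return Rule("No Encryption for Regular Internal Users", "send unencrypted",
                all_of=[lambda m: m.recipient_domain in MANAGED_DOMAINS,
                        lambda m: m.recipient_key_mode == "SKM"],
                none_of=[lambda m: m.application == "external Symantec Encryption Desktop"],
                enabled=enabled)

def desktop_policy_rule():                 # rule name below is hypothetical
    return Rule("Encrypt WEP mail to Desktop Email users", "encrypt",
                all_of=[lambda m: m.service_type == WEP,
                        lambda m: m.recipient_consumer_policy == "Desktop Email"])

def evaluate(chain, m):
    """Return (rule name, action) of the first matching rule (assumed semantics)."""
    for rule in chain:
        if rule.matches(m):
            return rule.name, rule.action
    return None, "continue to later rules"

def wep_message(policy):
    # Constructed sample: WEP user writing to an internal SKM recipient.
    return Message("example.com", "SKM", "Web Email Protection", WEP, policy)
```

With the default chain, `evaluate([no_encryption_rule()], wep_message("Default"))` returns the No Encryption rule; with the added rule first, only recipients in the Desktop Email consumer policy are encrypted and everyone else still matches the No Encryption rule.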