How does encryption work in ZixGateway?

With our shared Zixgateway server all encryption policies are enabled by default. You will setup a transport rule such that only email sent to external recipients get routed to the ZixGateway for inspection. There is no point in sending internal email to the Zixgateway since all internal mail is encrypted using Transport Layer Sercurity (TLS) if your mail platform supports TLS.

In our multi-tenant ZixGateway, we have the TLS method of routing enabled which means, after scanning your email and its attachments and we find that the message needs to be encrypted, one of the following will happen;

 

  1. If your recipient is also using ZixGateway ( Zix to Zix ), we will deliver the message through the TLS tunnel that exist in the Zixgateway network. This message was in fact delivered encrypted over a TLS tunnel and will arrive directly in your recipients inbox. A blue banner with the message “This message was sent securely using ZixCorp. ” will be pre-pended to the message body.
  2. If your recipient’s mail server supports a TLS connection, the message will be sent via TLS to that mail server and a footnote will appear on the bottom of the message that says; —————————————————– This message was secured by ZixCorp(R).
  3. If neither of the above scenarios are true meaning, the recipient does not have a ZixGateway or the recipient’s mail server doesn’t support TLS, the email will be securely delivered to a ZixPort and the recipient instead will get a clear text email with a link to the ZixPort to retrieve the message. see below

 

 

Clicking on the link will bring the user to the Zix Message Center where they can create a password, login and read and download the message

What are the steps to implement ZixGateway?

Setting up ZixGateway is easy. Below are the general steps that need to be implemented.

Step 1. Create MX records at the subdomain level of your primary email domain.

Step 2. If you use SPF records, you must include the ZixGateway IP address in the SPF record since the ZixGateway is essential a smart host relay where mail from your domain will be forwarded.

Step 3. You should whitelist the ZixGateway IP on your email server.

Your ZixGateway deployment coordinator will the verify your MX and SPF records and then submit your domain to the ZixDirectory and then notify you when you can enable your send connector so you can begin using the ZixGateway service.

Step 4. Enable your send connector and any mail transport rules to begin using the service. You should notify your Zix deployment coordinator so mail flow can be tested and ensure it is set up properly.

Please refer to our knowledge base articles for details on setting up ZixGateway depending on your email platform. Please note that your ZixGateway IPs may vary depending up where your ZixGateway is hosted.