Solved

Recommendations for email encryption for Exchange

Posted on 2011-03-16
Last Modified: 2012-05-11
We have a need for encrypting emails that are sent from our Exchange 2003 server so that outside recipients must somehow decrypt the emails to read the contents. So far the only thing I have seen that will do this is a hosted email service where the recipients would need to create an account and log in to retrieve their emails.

While it has the advantage of notifying the recipient that they have a new encrypted message, this is essentially the same as me encrypting internal emails and then creating an account for the external recipient and having them log in to retrieve their email. Of course it would require a lot less effort on my part to use the hosted service, but it would include a monthly price tag and significant startup fees as well.

So I'm looking for other options, preferably something that is made to work with Exchange 2003... any suggestions?

Question by:cymrich
 
LVL 7

Assisted Solution

by:waleeda
waleeda earned 668 total points
ID: 35151595
Check out a good product called IronPort from Cisco
http://www.ironport.com/
0
 
LVL 7

Assisted Solution

by:brota
brota earned 668 total points
ID: 35151801
I second the IronPort.
Or, if it is specific domains, you could use TLS.
0
 
LVL 33

Accepted Solution

by:Dave Howe
Dave Howe earned 664 total points
ID: 35161038
IronPort is what is called "oracle based encryption" - in that the recipient need not already have an encryption key in order to receive encrypted mail. While Outlook (and to a certain extent Exchange) has built-in support for using S/MIME (X.509) keys for encryption, the requirement that you get the encryption key to the *sender* of the email is usually where all the hard work comes in. waleeda's recommendation of an IronPort then (which is indeed a subscription service) is probably the easiest.

brota raises an interesting possibility - with Exchange versions 2007 and 2010 you can *require* that the receiving server support the "TLS" encryption scheme - this is the same scheme that is used for https websites, and encrypts not the email, but the conversation between servers. In this solution, the mail is and remains unencrypted, but the link from your mail server to the recipient's is secured with encryption, hence the mail is delivered encrypted (consider IronPort as delivering an encrypted telegram, but TLS as delivering a perfectly normal letter, but locked in a steel case and couriered to the recipient, who has the only key).

Either is a good solution :)
0

 

Author Comment

by:cymrich
ID: 35168521
Unfortunately we don't currently have the option of upgrading to 2007/2010 for our Exchange. I will look into IronPort though and see if it looks feasible. Thanks for the suggestions.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 35168668
Well, pre-2007 can handle TLS, but can't insist on it. However, if that is what you want you could "front" your outbound traffic from Exchange with an open source mailserver such as Exim that CAN insist on TLS - that is a cheap alternative. You can even run Exim directly on an Exchange server if you use Cygwin.
0
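
A sketch of the Exim relay described in the comment above, as an added example that is not part of the original thread: Exchange is assumed to hand all outbound mail to this host as its smart host, and the relay refuses to deliver to the listed partner domains unless the SMTP session is TLS-encrypted. The host name, the Exchange address 192.0.2.10 and the partner domains are placeholders.

```exim
# --- main section (all names and addresses below are placeholders) ---
primary_hostname = relay.example.com

# Only the internal Exchange server may relay through this host.
hostlist   relay_from_hosts     = 192.0.2.10
# Recipient domains for which cleartext delivery is not acceptable.
domainlist tls_required_domains = partner.example : bank.example

acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:
  accept  hosts   = +relay_from_hosts
  deny    message = relay not permitted

begin routers

# Listed domains go to the transport that insists on TLS.
force_tls:
  driver    = dnslookup
  domains   = +tls_required_domains
  transport = remote_smtp_tls
  no_more

# Everything else uses ordinary delivery (TLS only if offered).
everything_else:
  driver    = dnslookup
  transport = remote_smtp
  no_more

begin transports

remote_smtp_tls:
  driver            = smtp
  # No STARTTLS or a failed handshake means no delivery to that host.
  hosts_require_tls = *
  # hosts_require_tls alone encrypts but does not authenticate the peer;
  # current Exim releases can also demand a certificate that verifies.
  tls_verify_hosts  = *

remote_smtp:
  driver = smtp

begin retry

# Retry schedule from Exim's default configuration.
*   *   F,2h,15m; G,16h,1h,1.5; F,4d,6h
```

With this in place, mail for a listed domain whose server does not offer STARTTLS stays on the relay's queue and eventually bounces instead of going out in clear text. As the accepted answer points out, this protects the server-to-server link only; the message itself is stored unencrypted at both ends.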
 
LVL 7

Expert Comment

by:waleeda
ID: 35168731
IronPort is a very nice appliance; we are already using it and it supports high availability. It's a Cisco product.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 35168785
The IronPort appliance is very nice indeed - I work for one of their resellers - but the clustering / HA is not particularly good. No doubt they will fix that in time :)
0
 
LVL 7

Expert Comment

by:waleeda
ID: 35422627
Why didn't I get any points?!
I was the first one who answered about IronPort.
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 35422640
I agree - waleeda may have had a fairly short answer, but given part of my answer was an amplification of his, he deserves at least some points.
0
