
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 565

Outlook encryption


We are using Exchange 2007 SP3 and Outlook 2007 SP2.

I understand that communication between the Outlook client and the mailbox server is encrypted (we have that setting ticked in the client). Does anyone know how this works? Are certificates involved at all?

Does any of this change with Exchange 2010?
1 Solution
Exchange can now automatically encrypt all e-mail messages sent within the local organization. It also automatically supports TLS (Transport Layer Security) encryption, including built-in certificates, as long as both hosts support TLS.

There are multiple levels of encryption provided for Exchange/Outlook 2007...

Between Outlook clients and the mailbox servers, the Remote Procedure Call (RPC) data channel is encrypted using RPC encryption. Please note that this encryption only offers protection for the data stream between the client and the Mailbox server/cluster, or between the Mailbox server/cluster and the Hub Transport servers.

Hub Transport servers have the ability to send SMTP traffic encrypted using Transport Layer Security (TLS). TLS requires PKI certificates to work correctly, but the certificates can come from either a private or a public certificate authority. This encryption can only be used if the remote endpoint is able to use SMTP TLS - the TLS session is negotiated shortly after the EHLO command, using the STARTTLS command. This functionality can provide encryption of the data stream between any two Hub Transport servers, or between a Hub Transport server and a remote SMTP client (if the remote client supports it). Hub Transport servers can also be configured so that all mail destined for a specific domain is protected by Mutual TLS (MTLS).

Both of the above protect the data stream while messages are in transit; they do not protect a message once it resides in the target mailbox. S/MIME provides encryption of individual messages and their contents, even if the message is sent outside of your organization. Almost all mail clients that exist today support S/MIME encryption - even Linux and other non-Windows clients - so using this type of encryption should work regardless of the client endpoint.
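As an added illustration of the three layers the answer above describes (not part of the original thread or of any Microsoft documentation), the following Exchange Management Shell commands show how an administrator inspects and enforces each one. The RPC-encryption cmdlets (`Get-RpcClientAccess` / `Set-RpcClientAccess`) exist only from Exchange 2010 onward, which is also the practical answer to the "does this change with Exchange 2010" question: in 2007 the Outlook-to-Mailbox RPC encryption is switched on by the client setting the asker mentions and involves no certificate, while in 2010 the server can require it. The server name `CAS01`, the connector identities `Internet` and `HUB01\Default HUB01`, and the partner domain `partner.example` are placeholders, not values from the page.

```powershell
# Added example, not from the original thread. Run in the Exchange Management
# Shell. Server, connector and domain names below are placeholders.

# --- 1. Outlook <-> Mailbox server: RPC encryption (no certificate involved) ---
# Exchange 2007: the client setting "Encrypt data between Microsoft Office
# Outlook and Microsoft Exchange" turns RPC encryption on; the RPC runtime
# protects the stream without any PKI certificate.
# Exchange 2010: client RPC traffic terminates on the Client Access server's
# RPC Client Access service, and the server can refuse unencrypted sessions.
Get-RpcClientAccess | Format-Table Server, EncryptionRequired -AutoSize
Set-RpcClientAccess -Server "CAS01" -EncryptionRequired $true   # CAS01 = placeholder

# --- 2. Hub Transport SMTP: STARTTLS, which DOES need a certificate ---
# List installed certificates and the services (SMTP, IIS, POP, IMAP) each one
# is enabled for. A certificate with "SMTP" in Services backs STARTTLS.
Get-ExchangeCertificate | Format-List Thumbprint, Services, Subject, NotAfter

# Receive side: AuthMechanism containing "Tls" means the connector advertises
# STARTTLS after EHLO; RequireTLS means it refuses mail that is not upgraded.
Get-ReceiveConnector | Format-Table Name, AuthMechanism, RequireTLS, DomainSecureEnabled -AutoSize

# Send side: fail the message rather than fall back to cleartext when the
# remote SMTP host does not offer STARTTLS.
Set-SendConnector -Identity "Internet" -RequireTLS $true   # "Internet" = placeholder

# --- 3. Mutual TLS for one partner domain (Domain Security) ---
# Both organisations need certificates; the domain is listed on the transport
# config and the connectors that carry its mail are enabled for domain security.
Set-TransportConfig -TLSSendDomainSecureList "partner.example" `
                    -TLSReceiveDomainSecureList "partner.example"
Set-SendConnector    -Identity "Internet"            -DomainSecureEnabled $true
Set-ReceiveConnector -Identity "HUB01\Default HUB01" -DomainSecureEnabled $true  # placeholder identity

# Read back the result for a change-control record.
Get-TransportConfig | Format-List TLSSendDomainSecureList, TLSReceiveDomainSecureList
```

The point to keep in mind when reading the output: layer 1 is answered by `EncryptionRequired` (or, on 2007, by the Outlook profile setting alone) and never by `Get-ExchangeCertificate`; only layers 2 and 3 depend on the certificates that cmdlet lists, and `RequireTLS` is what turns opportunistic STARTTLS into an enforced control.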
bruce_77 (Author) commented:
Hi there

Thanks, it's specifically the Outlook to Mailbox server channel that I'm interested in. You're saying that the RPC channel is encrypted...do you know if this needs certificates or anything?
