Outlook encryption

Posted on 2011-10-19
Last Modified: 2012-05-12

We are using Exchange 2007 SP3 and Outlook 2007 SP2.

I understand that communication between the Outlook client and the mailbox server is encrypted (we have that setting ticked in the client). Does anyone know how this works? Are certificates involved at all?

Does any of this change with Exchange 2010?
Question by: bruce_77

    Expert Comment

    Exchange can now automatically encrypt all e-mail messages sent within the local organization. It also automatically supports TSL (Transcript Security Layer) encryption, including built-in certificates, as long as both hosts support TLS.

    Accepted Solution

    There are multiple levels of encryption that are provided for Exchange/Outlook 2007...

    Between Outlook clients and the mailbox servers, the Remote Procedure Call (RPC) data channel is encrypted using RPC encryption.  Please note that this encryption only offers protection for the data stream between the client and the Mailbox server\cluster, or between the Mailbox server\cluster and the Hub Transport servers.

    Hub Transport servers have the ability to send SMTP traffic encrypted using Transport Layer Security (TLS).  TLS requires PKI certificates to work correctly, but the certificates can come from either a private or public certificate authority.  This encryption can only be used if the remote endpoint is able to utilize SMTP TLS - the TLS session is engaged shortly after the EHLO command and uses the STARTTLS command.  This functionality can provide encryption of the data stream between any two Hub Transport servers or a Hub Transport server and a remote SMTP client (if the remote client supports it).  Hub Transport servers can also try to specify all mail destined to a specific domain is protected by Mutual TLS (MTLS).

    Both of the above provide protection for the data stream while messages are in transit - they do not provide protection for the message once it resides in the target mailbox.  S/MIME provides individual message encryption and message contents, even if the message is sent outside of your organization.  Almost all mail clients that exist today support S/MIME encryption - even Linux and other non-Windows clients - so using this type of encryption should work regardless of the client endpoint.
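    The EHLO/STARTTLS handoff the accepted solution describes, as an added example that is not part of the original thread: it parses a constructed EHLO reply, applies the opportunistic-vs-required TLS decision (the "all mail to this domain must be protected by TLS" case), and includes a live checker built on Python's standard smtplib for a server you operate. The hostnames and replies are constructed assumptions, not captured from any real host.

```python
import smtplib
import ssl

# Constructed EHLO replies from a hypothetical SMTP host (not real captures).
EHLO_WITH_STARTTLS = (
    "250-mail.example.test Hello [192.0.2.10]\r\n"
    "250-SIZE 36700160\r\n"
    "250-STARTTLS\r\n"
    "250-AUTH LOGIN\r\n"
    "250 8BITMIME\r\n"
)
EHLO_PLAIN = (
    "250-mail.example.test Hello [192.0.2.10]\r\n"
    "250-SIZE 36700160\r\n"
    "250 8BITMIME\r\n"
)


def parse_ehlo(reply: str) -> set:
    """Return the extension keywords from a multi-line 250 EHLO reply.

    The first 250 line is the server greeting, not an extension, so it is skipped.
    """
    lines = [ln for ln in reply.splitlines() if ln.startswith("250")]
    caps = set()
    for line in lines[1:]:
        body = line[4:].strip()          # drop "250-" / "250 "
        if body:
            caps.add(body.split()[0].upper())
    return caps


def decide_tls(reply: str, require_tls: bool) -> str:
    """Sender-side policy: upgrade if STARTTLS is offered; otherwise fall back to
    cleartext (opportunistic) or refuse delivery (domain requires TLS)."""
    if "STARTTLS" in parse_ehlo(reply):
        return "starttls"
    return "refuse" if require_tls else "cleartext"


def check_starttls(host: str, port: int = 25, timeout: float = 10.0) -> dict:
    """Live check (not run offline): does the host offer STARTTLS, and does the
    upgrade complete with a certificate the system trust store accepts?"""
    ctx = ssl.create_default_context()   # verifies chain and hostname
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return {"starttls": False, "cipher": None}
        smtp.starttls(context=ctx)
        smtp.ehlo()                      # re-EHLO after the upgrade, per RFC 3207
        return {"starttls": True, "cipher": smtp.sock.cipher()}
```

Run `check_starttls("your.hub.transport")` against your own Hub Transport server to confirm the STARTTLS path works and the certificate chains correctly; a `refuse` result from `decide_tls` is what a required-TLS domain policy should produce when the peer offers no STARTTLS.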

    Author Comment

    Hi there

    Thanks, it's specifically the Outlook to Mailbox server channel that I'm interested in. You're saying that the RPC channel is you know if this needs certificates or anything?
