Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


FOPE outbound encryption policy

Posted on 2013-01-08
Medium Priority
Last Modified: 2013-02-11
I have created an outboud policy in fope to encrypt messages being sent to internal addresses on the company domain. It is not working.

A) Can FOPE encrypt messages for internal addresses?
B) Please provide an example policy if this is possible.

Thanks in advance.
Question by:UnitedPres
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 33

Expert Comment

by:Dave Howe
ID: 38758109
Not sure what you are asking. FOPE is a cloud/web hosted service similar to mimecast and mailcontrol, that sits between your exchange server and the internet allowing (amongst other things) Exchange Hosted Encryption (which while named confusingly isn't hosted in your Exchange, but in the FOPE instance, and more closely resembles the cisco CRES and zixmail services)

So the solution looks like:

[your exchange] == TLS encrypted tunnel == [FOPE] == OppTLS smtp == [The Internet]

internal mail never leaves exchange, never passes though FOPE, so never has any FOPE policies applied.

Author Comment

ID: 38758924
Thanks for your response Mr. Howe,

This confirms that we can not create a policy in FOPE as the internal mail does not leave our exchange box.

Is there a way procedure to send an encyrted message internally?
LVL 33

Accepted Solution

Dave Howe earned 2000 total points
ID: 38759270
  You *could* do such a thing, but not sure why you would want to.  All traffic between outlook and exchange (or the browser and webaccess) should be encrypted; FOPE does edge-router encryption (in that, mail leaving FOPE for the internet is encrypted, and arriving from the internet is decrypted) and once it is in exchange isn't encrypted at all.

  You *can* enforce use of s/mime via group policy; that will require that your users *and* everyone else they talk to all have s/mime digital certificates, and isn't compatible with FOPE encryption (in that all messages will already be required to be s/mime encrypted).

You could also use a datasink/transport agent to enforce use of s/mime internally, but that would just cause non-encrypted mails to fail (and not force-encrypt them) which would inconvenience your internal users for no good effect.

Author Closing Comment

ID: 38759372
Mr. Howe,

Thank you for responding. I feel you have answered my questions and appreciate your time.

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
A new hacking trick has emerged leveraging your own helpdesk or support ticketing tools as an easy way to distribute malware.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question