FOPE outbound encryption policy

Posted on 2013-01-08
Last Modified: 2013-02-11
I have created an outboud policy in fope to encrypt messages being sent to internal addresses on the company domain. It is not working.

A) Can FOPE encrypt messages for internal addresses?
B) Please provide an example policy if this is possible.

Thanks in advance.
Question by:UnitedPres
  • 2
  • 2
LVL 33

Expert Comment

by:Dave Howe
ID: 38758109
Not sure what you are asking. FOPE is a cloud/web hosted service similar to mimecast and mailcontrol, that sits between your exchange server and the internet allowing (amongst other things) Exchange Hosted Encryption (which while named confusingly isn't hosted in your Exchange, but in the FOPE instance, and more closely resembles the cisco CRES and zixmail services)

So the solution looks like:

[your exchange] == TLS encrypted tunnel == [FOPE] == OppTLS smtp == [The Internet]

internal mail never leaves exchange, never passes though FOPE, so never has any FOPE policies applied.

Author Comment

ID: 38758924
Thanks for your response Mr. Howe,

This confirms that we can not create a policy in FOPE as the internal mail does not leave our exchange box.

Is there a way procedure to send an encyrted message internally?
LVL 33

Accepted Solution

Dave Howe earned 500 total points
ID: 38759270
  You *could* do such a thing, but not sure why you would want to.  All traffic between outlook and exchange (or the browser and webaccess) should be encrypted; FOPE does edge-router encryption (in that, mail leaving FOPE for the internet is encrypted, and arriving from the internet is decrypted) and once it is in exchange isn't encrypted at all.

  You *can* enforce use of s/mime via group policy; that will require that your users *and* everyone else they talk to all have s/mime digital certificates, and isn't compatible with FOPE encryption (in that all messages will already be required to be s/mime encrypted).

You could also use a datasink/transport agent to enforce use of s/mime internally, but that would just cause non-encrypted mails to fail (and not force-encrypt them) which would inconvenience your internal users for no good effect.

Author Closing Comment

ID: 38759372
Mr. Howe,

Thank you for responding. I feel you have answered my questions and appreciate your time.

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Scenario: Your operations manager has discovered an anomaly in your security system. The business will start to suffer within 15 minutes if it is a major IT incident. What should she do? We have 6 recommendations for managing major incidents (https:…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question