Looking for Email Encryption

Client has 2008 SBS

25 Email boxes.

Looking for Low Cost encryption Solution.

Joseph SalazarVice President - Senior IT ConsultantAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

You can go with that latest gpg4win solution.

Gpg4win enables users to securely transport emails and files with the help of encryption and digital signatures. Encryption protects the contents against an unwanted party reading it. Digital signatures make sure that it was not modified and comes from a specific sender.

Gpg4win supports both relevant cryptography standards, OpenPGP and S/MIME (X.509), and is the official GnuPG distribution for Windows. It is maintained by the developers of GnuPG. Gpg4win and the software included with Gpg4win are Free Software (Open Source; among other things free of charge for all commercial and non-commercial purposes).

There is a stable release 2.2.0 from August this year.


See for technical details:


Gpg4win supports these platforms:

  * Operating System: Windows XP, Vista, 7, 8 (for all: 32/64 bit)
  * MS Outlook: 2003, 2007, 2010, 2013

If you go to the account settings in outlook and under security tab - Check "Encrypt data between Microsoft Outlook and Exchange".

As for OWA, if you have already configured the SSL settings, then there should be a Email Security option under Options when you log into OWA and use OWA S/MIME control. If you haven't, then configure SSL from IIS on your exchange server.

Look into the paid solutions for this also Symantec,  Barracuda SPAM & Virus Firewall 300

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
David Johnson, CD, MVPOwnerCommented:
Both the sender and the receiver must use the same type of encryption and pretty good privacy is a good workable solution. But this requires the setting of keys (public/private) and sharing the public key with the recipient, and also having the recipients public key.  You encrypt with your private key and their public key and they decrypt using your public key and their private key. Within an organization you can use PKI keys (using your own Certificate Authority)
Exploring SQL Server 2016: Fundamentals

Learn the fundamentals of Microsoft SQL Server, a relational database management system that stores and retrieves data when requested by other software applications.

Dave HoweSoftware and Hardware EngineerCommented:
Depends on what you are encrypting.

If you are happy with just TLS encryption (i.e. transmission encryption) then turn that on - you can only enforce it to specific destinations though, or you lose a lot of mail from correspondents who don't want to pay for a commercial TLS certificate.

If you want to do true email encryption, then the two main solutions (s/mime and openpgp) both require the recipient to send you their key in advance - contact the people you want to send email to, and find out what they can support.

if you want to be able to support encryption to people who haven't already set up such a key, then you need a special type of encryption called "oracle based" - that's nothing like the company oracle, instead it means there is a site that will issue keys "on behalf of" users who don't have any, and let them set up their account there after the fact to collect their keys. zixmail is probably the cheapest example there.

but again, the key is to find out who your client wants to be able to communicate securely with, and arrange something in conjunction with the client and their correspondents. You never know, you might even get some more customers out of it (and setting up both sides means you can generate your own keys for free for things like s/mime and tls)
Joseph SalazarVice President - Senior IT ConsultantAuthor Commented:
What is the Proceedure to turn on TLS?

I Have a SBS 2008 Server.


Tls is security  just enabled between the client (user)  and exchange server. So if you send an email from a client PC, it is in transition to the exchange server encrypted  then mostlikely unencrypted until it get to the final email server, are you sure this is enough for you?
Dave HoweSoftware and Hardware EngineerCommented:
That is indeed true.

TLS (in exchange releases before 2010) cannot be enforced, so you are relying on the remote end requiring TLS if you want to guarantee that (2010 and after fix this). Forcing routing though a specificity configured smtp connector is the *only* way to force routing (every other sane MTA has a routing table specifically for this, just not Exchange) and in every way, it is pointed out that Ex2007 just doesn't Do Security.

I usually recommend that people who want to do real TLS and still use exchange put something more feature-rich in front of it (such as open source Exim)
Joseph SalazarVice President - Senior IT ConsultantAuthor Commented:
Turned TLS ON,
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.