Have you had any issues with your clients/customers when enforcing 100% encrypted email?

Currently the company I work for uses opportunistic TLS and over 90% of our email goes out encrypted (TLS).  We are considering changing it so that if the client server can't accept the encrypted email then the email goes out through the email gateway with a link to download the email from a secure site.

I would like to know what issues other companies experienced when they went to a 100% outbound encrypted email policy. Did you run into any issues such as working with the government or any customers that have a policy that they only accept unencrypted email? Do you have any recommendations or gotchas from when you changed the policy?

I did read this EE response and found it very helpful. https://www.experts-exchange.com/questions/28993783/TLS-email-arrangement-office365.html

We use O365 for our email with a 3rd party email gateway for scanning and encryption.

Thank you.
Dr. Klahn (Principal Software Engineer) commented:
I use Postfix without TLS.  Your email would not get through at my site.  (But if it's marketing email, that's OK for me.)

(If you are sending marketing email, then why would your IT management even consider doing anything that would restrict the audience?)
John (Business Consultant, Owner) commented:
Our clients use Hosted Exchange and standard TLS encryption. That is the (more or less) accepted standard and we have not had any push back.
timgreen7077 (Exchange Engineer) commented:
Are you talking about TLS encryption, where basically the transit connection is encrypted, or are you talking about encrypting the actual email and its contents? If the latter, that will be a major hassle, but if TLS, I would suggest leaving it opportunistic unless a client specifically requests 100% TLS encryption. If that is the case, I would just create a send connector for that client and force TLS.
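
The per-client forced-TLS connector suggested in the comment above, sketched for Exchange Online, where the equivalent of a send connector is an outbound connector (an added example, not part of the original comment). The domain `partner.example` and the connector name are placeholders, and the sketch assumes an open Exchange Online PowerShell session and that mail for this client leaves Exchange Online directly rather than through a third-party gateway.

```powershell
# Added example: force TLS for one client domain, leave everyone else opportunistic.
# Assumes Connect-ExchangeOnline has already been run with sufficient rights.
$partnerDomain = 'partner.example'              # placeholder client domain
$connectorName = "Force TLS - $partnerDomain"   # placeholder connector name

# Create the connector only if one with this name does not already exist.
$existing = Get-OutboundConnector -Identity $connectorName -ErrorAction SilentlyContinue
if (-not $existing) {
    # EncryptionOnly        = TLS is required, any certificate is accepted.
    # CertificateValidation = TLS is required and the certificate must be valid
    #                         and issued by a trusted CA (stricter option).
    New-OutboundConnector -Name $connectorName `
        -ConnectorType Partner `
        -RecipientDomains $partnerDomain `
        -UseMXRecord $true `
        -TlsSettings EncryptionOnly `
        -Enabled $true
}

# Review what is now enforced for this domain.
Get-OutboundConnector -Identity $connectorName |
    Format-List Name, Enabled, RecipientDomains, UseMXRecord, TlsSettings, TlsDomain

# Send a test message through the connector before relying on it.
# If the client's mail server does not offer STARTTLS, this test fails, and real
# mail to the domain would be held and eventually bounced instead of being sent
# in the clear.
Validate-OutboundConnector -Identity $connectorName -Recipients "postmaster@$partnerDomain"
```
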
Aaron Guilmette (Technology Solutions Professional) commented:
Forcing TLS to all recipients can be difficult, as most mail platforms by default don't have a method for handling the "what if" scenarios (like, can I resubmit with message-level encryption if TLS to the mail host isn't accepted).  Some appliances, such as Zix, do account for this and have built-in routines to make sure data is always encrypted.

It depends on what your true requirements are.  Most DOD-level organizations, when transacting secure email, instead use S/MIME, which is user-based and independent of the transport layer.
Steph_M (Author) commented:
Thank you for all of your comments. The reason I selected Dr. Klahn's comment is because it provided me with an example of the types of exceptions we will need to work around.
