Have you had any issues with your clients/customers when enforcing 100% encrypted email?

Currently the company I work for uses opportunistic TLS and over 90% of our email goes out encrypted (TLS).  We are considering changing it so that if the client server can't accept the encrypted email then the email goes out through the email gateway with a link to download the email from a secure site.

I would like to know what issues other companies experienced when they went to a 100% outbound encrypted email policy. Did you run into any issues such as working with the government or any customers that have a policy that they only accept unencrypted email? Do you have any recommendations or gotchas when you changed the policy?

I did read this EE response and found it very helpful. https://www.experts-exchange.com/questions/28993783/TLS-email-arrangement-office365.html

We use O365 for our email with a 3rd party email gateway for scanning and encryption.

Thank you.

John, Business Consultant (Owner), commented:
Our clients use Hosted Exchange and standard TLS encryption. That is the (more or less) accepted standard and we have not had any push back.

Dr. Klahn, Principal Software Engineer, commented:
I use Postfix without TLS.  Your email would not get through at my site.  (But if it's marketing email, that's OK for me.)

(If you are sending marketing email, then why would your IT management even consider doing anything that would restrict the audience?)

timgreen7077, Exchange Engineer, commented:
Are you talking about TLS encryption, which is basically the transit connection being encrypted, or are you talking about encrypting the actual email and its contents? If the latter, that will be a major hassle, but if TLS, I would suggest leaving it opportunistic unless a client specifically requests 100% TLS encryption. If that is the case, I would just create a send connector for that client and force TLS.

Aaron Guilmette, Technology Solutions Professional, commented:
Forcing TLS to all recipients can be difficult, as most mail platforms by default don't have a method for handling the "what if" scenarios (like, can I resubmit with message-level encryption if TLS to the mail host isn't accepted). Some appliances, such as Zix, do account for this and have built-in routines to make sure data is always encrypted.

It depends on what your true requirements are.  Most DOD-level organizations, when transacting secure email, instead use S/MIME, which is user-based and independent of the transport layer.

Steph_M, Author, commented:
Thank you for all of your comments. The reason I selected Dr. Klahn's comment is because it provided me with an example of the types of exceptions we will need to work around.
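
The routing decision from the question (deliver over TLS, otherwise fall back to the secure download link) can be estimated per recipient domain before the policy changes. The following is an added example, not part of the thread or of any product mentioned in it. The function names, the `tls`/`portal` labels, the sample domains and the choice to validate certificates in `probe` are all assumptions.

```python
import smtplib
import ssl

# Constructed EHLO replies (not captured from real servers).
SAMPLE_EHLO = {
    "partner.example": "250-mx.partner.example\r\n250-PIPELINING\r\n250-STARTTLS\r\n250 8BITMIME",
    "legacy.example": "250-mail.legacy.example\r\n250-PIPELINING\r\n250 8BITMIME",
}

def ehlo_extensions(reply):
    """Return the upper-cased extension keywords of a multi-line EHLO reply."""
    exts = set()
    for line in reply.splitlines()[1:]:  # the first line only names the server
        words = line[4:].split()
        if line[:3] == "250" and words:
            exts.add(words[0].upper())
    return exts

def route(reply):
    """'tls' if the server advertises STARTTLS, else 'portal' (secure-link fallback)."""
    return "tls" if "STARTTLS" in ehlo_extensions(reply) else "portal"

def plan(replies):
    """Map each recipient domain to the route its mail would take."""
    return {domain: route(reply) for domain, reply in replies.items()}

def probe(mx_host, timeout=10):
    """Live check against one MX host: does a STARTTLS handshake complete?

    Assumption: certificates are validated, so a server with a self-signed
    or mismatched certificate is counted as 'portal'.
    """
    try:
        with smtplib.SMTP(mx_host, 25, timeout=timeout) as smtp:
            smtp.ehlo()
            if not smtp.has_extn("starttls"):
                return "portal"
            smtp.starttls(context=ssl.create_default_context())
            return "tls"
    except (ssl.SSLError, smtplib.SMTPException):
        return "portal"
    except OSError:
        return "unreachable"  # connection problem, says nothing about TLS

if __name__ == "__main__":
    for domain, decision in plan(SAMPLE_EHLO).items():
        print(domain, decision)
```

Running `probe` against the MX hosts of your most frequent recipient domains gives the list of exceptions that would receive the download link instead of direct delivery.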