Exchange email Encryption
Hi All,
I'm just trying to workout to what level emails are encrypted using the built in encryption with Exchange. My understanding is that SMTP can be tunnelled through SSL using RPC. However I'm not sure if this means the connection between the client and server is all that is encrypted. If it is just the server and client then does this means when the exchange sends it out to the recipient on the same exchange server its not encrypted anymore, or does this depend on whether the other recipient has it configured?
Its strange because if you look at the mail settings there is an option to tick to say use ssl connection, and to add the url for your email exchange. There is also an additional option in the actual email to configure to encrypt message and contents and digitally sign. I guess the lstter is more like SMIME, or PGP and the other is talking about SSL over SMTP?
We have to prove to an auditor that emails are encrypted in transmit, but Im not sure the built in Outlook anywhere settings do this. Firstly because a user can tinker with the setting (I guess group policy could mitigate this) secondly when I inspect the internet headers in emails that I send there is no mention of SSL encryption. SSL should be encrypting the internet headers right?
Previous company had TLS gateway and this would meet the requirement, but Im not sure if the built in encryption with outook anywhere does the job satisfactorily. It would also be good to understand if the emails Im sending are being sent securely using the SSL over SMTP. Does anyone know how to check this (I don't have access to exchange)
I'm just trying to workout to what level emails are encrypted using the built in encryption with Exchange. My understanding is that SMTP can be tunnelled through SSL using RPC. However I'm not sure if this means the connection between the client and server is all that is encrypted. If it is just the server and client then does this means when the exchange sends it out to the recipient on the same exchange server its not encrypted anymore, or does this depend on whether the other recipient has it configured?
Its strange because if you look at the mail settings there is an option to tick to say use ssl connection, and to add the url for your email exchange. There is also an additional option in the actual email to configure to encrypt message and contents and digitally sign. I guess the lstter is more like SMIME, or PGP and the other is talking about SSL over SMTP?
We have to prove to an auditor that emails are encrypted in transmit, but Im not sure the built in Outlook anywhere settings do this. Firstly because a user can tinker with the setting (I guess group policy could mitigate this) secondly when I inspect the internet headers in emails that I send there is no mention of SSL encryption. SSL should be encrypting the internet headers right?
Previous company had TLS gateway and this would meet the requirement, but Im not sure if the built in encryption with outook anywhere does the job satisfactorily. It would also be good to understand if the emails Im sending are being sent securely using the SSL over SMTP. Does anyone know how to check this (I don't have access to exchange)