Google Postini Services logo
Print Previous Next


Set Up Policy Enforced TLS

Set up Inbound TLS by Sender Domain
1.
In the Administration Console, click the Inbound Servers tab. Select your email config organization, and click the TLS link.
2.
3.
Scroll to the Inbound TLS by Sender Domain section, at the bottom of the page. If you do not see this section, you do not have Policy Enforced TLS enabled. Contact your account representative for information.

4.
Enter the domain name you wish to set as TLS-only. Type the exact domain name; wildcards and subdomains are not supported.
5.
6.

To remove one or more domains, check the domains you wish to delete and click Delete Selected. The changes take effect immediately.

Set up Outbound TLS by Recipient Domain

Before you can use Outbound TLS by Recipient Domain, set your mail server to route outbound mail through the email protection service, and enable TLS on your mail server. See About Policy Enforced TLS for more information about requirements.

1.
In the Administration Console, click the Outbound Servers tab. Select your email config organization, and click the TLS link.
2.
If TLS is set to “Accept only SMTP” or “Send only SMTP”, change your settings to allow TLS. The recommended setting is “SMTP or TLS.” See Transport Layer Security for Outbound Mail for more information on outbound TLS settings.
3.
Scroll to the Outbound TLS by Sender Domain section, at the bottom of the page. If you do not see this section, you do not have Policy Enforced TLS enabled. Contact your account representative for information.

4.
Enter the domain name you wish to set as TLS-only. Type the exact domain name. Wildcards and subdomains are not supported; each subdomain must be added separately.
5.
6.
Optional: Set Certificate Validation. The default setting, Encryption Only, should be sufficient for most domains, but you can validate the recipient’s certificate by changing this setting to Verify Certificate, Trust Check, or Domain Check. For more information, see Certificate Validation.
7.

To remove a domain, select the domain you wish to delete and click Remove. The change takes effect immediately.

Policy Enforced TLS with Multiple Email Config Organizations

If you have multiple Email Config organizations for different mail servers, consider using the same TLS and Policy Enforced TLS settings for mail server as a best practice. Otherwise, you may see surprising deferral messages.

Policy-Enforced TLS for outbound messages is based on the sender’s email address, not the sender’s server. If you have multiple mail servers that share users in the same domain, those users will have different TLS policies, which may cause unexpected deferrals.

*
Related Topics
*
*
*
*
Print Previous Next