Configuring Secure Messaging Definitions and Policies

Document created by user.oxriBaJeN4 Employee on Sep 26, 2016Last modified by user.oxriBaJeN4 Employee on Apr 2, 2019
Version 9Show Document
  • View in full screen mode

Secure Messaging allows users to transmit confidential messages to recipients in a secure environment. The functionality differs, depending on if a message is sent to an internal or external recipient.


The Secure Messaging Workflow


If sent externally, the message isn't sent to the recipient's mail server. Instead it is retained by us in our Secure Messaging Portal. A notification is sent to the recipient, allowing them to:

  • View the secure message.
  • Send a secure response, if the sender configured this when the secure message was sent.


Internal Secure MessageIf a secure message is sent internally, it isn't retained in our Secure Messaging Portal. Instead it's delivered through your mail server, and the message is delivered with a banner (see right). The recipient can reply normally via their email application, or securely (if this was configured when the secure message was sent) via:

  • The Secure Messaging Portal.
  • A Mimecast end user application.




Consider the following before configuring a definition or policy:

  • Secure messaging definitions are grouped in folders. This is important to remember when creating more than one definition, as the folder location will determine who has access to them.
  • Secure Messaging-Lite doesn't allow the creation of secure messaging definitions. For more details see the Secure Messaging - Lite page.


Configuring a Secure Messaging Definition


To configure a Secure Messaging definition:

  1. Log on to the Administration Console.
  2. Click on the Administration menu button. A menu drop down is displayed.
  3. Click on the Gateway | Policies menu item. The Gateway Policy Editor is displayed.
  4. Click on the Definitions drop down. A list of the definition types is displayed.
    Definition list
  5. Select the Secure Messaging menu item.
  6. Either:
    • Click on the Folder where the definition is to be created, or already exists. A definition cannot be created in the Root folder.
    • Create a Folder where the definition is to be created. See the Managing Folders page for full details.
  7. Either click on the:
    • New Secure Messaging Definition button to create a definition.
    • Definition to be changed.
  8. Complete the Definition's Properties as follows:
    Field / OptionDescription
    DescriptionThis is used to identify the definition. It is good practice to ensure this accurately describes to settings below (e.g. Allow Print, 7 Day Exp, No Receipt).
    Allow External Recipient to PrintIf selected, the recipient of the secure message can print it.
    Allow External Recipient to ReplyIf selected, the recipient of the secure message can reply to the sender.
    If the sender sent the message to multiple recipients, they cannot use the Reply All functionality unless the "Allow External Recipient to Reply All" option is also selected.
    Allow External Recipient to Reply AllIf selected, the recipient of the secure message can reply to all the recipients.
    Expire Secure Messages for External Recipients AfterSet the expiration date of any secure message sent to an external recipient using this definition.
    If the secure message using this definition is sent to internal recipients, they see the message after the expiration date. If the "Never Expire" option is selected, this is limited to the maximum retention period for your account.
    Allow Sender to Extend Message Expiration by a Maximum ofSet the time period during which the sender can extend the secure message's expiration date.
    Send Read ReceiptIf selected, the sender receives a notification when the recipient views the secure message.
  9. Click on the Save and Exit button.


Configuring a Secure Messaging Policy


To configure a Secure Messaging policy:

  1. Log on to the Administration Console.
  2. Click on the Administration menu item. A menu drop down is displayed.
  3. Click on the Gateway | Policies menu item. The Gateway Policy Editor is displayed.
  4. Click on Secure Messaging. A list of policies is displayed.
  5. Either click on the:
    • Policy to be changed.
    • New Policy button to create a policy.
  6. Complete the Options section as required:
    Policy NarrativeProvide a description for the policy to allow you to easily identify it in the future.
    Take No ActionIf this option is selected, secure messaging is not applied to messages covered by the policy.
    Select Secure MessagingSelect a Secure Messaging definition by clicking the Lookup button.
  7. Complete the Emails From and Emails To sections as required:
    Field / OptionDescription
    Addresses Based OnSpecify the email address characteristics the policy is based on. This option is only available in the "Emails From" section. The options are:
    The Return Address (Mail Envelope From)This default setting applies the policy to the SMTP address match, based on the message's envelope or true address (i.e. the address used during SMTP transmission).
    The Message From Address (Message Header From)Applies the policy based on the masked address used in the message's header.
    BothApplies the policy based on either the Mail Envelope From or the Message Header From whichever matches. When both match, the specified value the Message Header From will be used.
    Applies From / ToSpecify the Sender characteristics the policy is based on. For multiple policies, you should apply them from the most to least specific. The options are:
    EveryoneIncludes all email users (i.e. internal and external). This option is only available in the "Emails From" section.
    Internal AddressIncludes only internal organization addresses.
    External AddressIncludes only external organization addresses. This option is only available in the "Emails From" section.
    Email DomainEnables you to specify a domain name to which this policy is applied. The domain name is entered in the Specifically field.
    Address GroupsEnables you to specify a directory or local group. If this option is selected, click on the Lookup button to select a group from the Profile Group field. Once a group has been selected, you can click on the Show Location field to display the group's path.
    Address AttributesEnables you to specify a predefined Attribute. The attribute is selected from the Where Attribute drop down list. Once the Attribute is specified, an attribute value must be entered in the Is Equal To field. This can only be used if attributes have been configured for user accounts.
    Individual Email AddressEnables you to specify an SMTP address. The email address is entered in the Specifically field.
  8. Complete the Validity section as required:
    Field / OptionDescription
    Enable / DisableUse this to enable (default) or disable a policy. Disabling the policy allows you to prevent it from being applied without having to delete or back date it. Should the policy's configured date range be reached, the it is automatically disabled.
    Set Policy as PerpetualSpecifies that the policy's start and end dates are set to "Eternal", meaning the policy never expires.
    Date RangeSpecify a start and end date for the policy. This automatically deselects the "Eternal" option.
    Policy OverrideSelect this to override the default order that policies are applied. If there are multiple applicable policies, this policy is applied first unless more specific policies of the same type have also been configured with an override.
    Bi-DirectionalIf selected, the policy also applies when the policy's recipient is the sender and the sender is the recipient.
    Source IP Ranges (n.n.n.n/x)Enter any required Source IP Ranges for the policy. These only apply if the source IP address used to transmit the message data, falls inside or matches the range(s) configured. IP ranges should be entered in CIDR notation.
  9. Click on the Save and Exit button.


See Also...