Email Encryption

With Email Encryption, Deep Discovery Email Inspector encrypts messages using Trend Micro Identity-Based Encryption (IBE). For example, when the domain a.com is registered with Trend Micro for encryption and decryption and user1@a.com sends a message with private information to user2@b.com, Deep Discovery Email Inspector encrypts the message sent to user2@b.com. You can configure a policy rule to encrypt messages containing private information.

Tip:

Before using Email Encryption, Trend Micro recommends you configure Deep Discovery Email Inspector to synchronize the system time with an NTP server to ensure standard time and date data.

Note:

When Deep Discovery Email Inspector is registered to Deep Discovery Director 5.1 (or later), Deep Discovery Director provides central management of the Email Encryption settings. After registration is successful, Deep Discovery Email Inspector obtains Email Encryption settings (including the registered email domains) from Deep Discovery Director and prevents manual configuration of the settings on the management console.

Important:

When Email Encryption is enabled, the number of email messages that Deep Discovery Email Inspector encrypts and decrypts may affect system performance. If there is a high volume of email messages in your organization, Trend Micro recommends the following:

  • Configure policies with content filtering rules to encrypt specific outgoing email messages

  • Set up a dedicated Deep Discovery Email Inspector appliance to perform email encryption and decryption

For assistance with performance sizing, contact Trend Micro Technical Support.

To configure Email Encryption settings in Deep Discovery Email Inspector, do the following:

  1. Register one or more domains to the Trend Micro Email Encryption server.

    For more information, see Registering Domains for Email Encryption.

  2. Configure default sender address for message signing.

    For more information, see Configure Default Email Identity for Message Signing.

  3. (Optional) Configure Email Encryption exceptions.

    For more information, see Configuring Email Encryption Exceptions.

  4. Configure content filtering or Data Loss Prevention (DLP) rules with the Encrypt message action.

    For more information, see Configuring a Content Filtering Rule and Configuring a DLP Rule.