Enforced TLS needs to be set up on the server that is establishing connection with the recipient server. That is why if there is enabled Policy-Based Encryption on the account, Enforced TLS should be enabled from Encrypted Mail Gateway console.

EMG treats enforced TLS as an alternative to the Message Pickup Center encryption and delivery method. Message sent via enforced TLS will be delivered directly to the recipient's mailbox. When TLS is blocked, or not available at the receiving end, the next enabled delivery method is used. 

To set up Enforced TLS via EMG:

  1. Log in HostPilotĀ® Control Panel and navigate to Services > Compliance > Email Encryption > click Encrypted mail gateway.
    1
  2. Go to Profile Settings > Update profile:
    2
  3. On the TLS Encryption tab:
    1. check the Enable TLS Encryption box
    2. chose the Enable for listed domains ONLY option
    3. add recipient domains that require enforced TLS and click Add
      Here you have two additional options:
      • Disable encrypt notifications for TLS messages
        This will disable notification that sender receives regarding the result of the TLS encryption
      • Disable Certification Validation
        This option will allow TLS connections to an SMTP server that has a certificate which is: expired, self-signed or issued from a different domain.
        Important: this option lowers the security provided by TLS encryption and should only be used as a temporary workaround while receiving domain resolves their certificate issue.
    4. click Save Settings
      3

  4. Go to Policies > Recipient & Sender Groups and click Add an email list
    4

  5. Enter the list name and description and add the domains you specified on step 3 to the Email List field or load the list from your machine. Click Save
    5

  6. Go to Policies > Email Policies and click Add policy
    6

  7. Create and save the policy with the following settings:
    1. Status: Enabled
    2. Match Conditions: Any
    3. Conditions: Enable > If: Recipients > Contains: Any > From: Recipient & Sender Groups > List: list you created on step 5 > More than: 0 Times
    4. Mail action: Encrypt
      7

The Message Report will show the DELIVER_TRUSTED_TLS_DIRECT_DOMAIN action for message sent via enforced TLS:

8