Encryption
Secure PDF exchange (SPX) is clientless email encryption that converts email and attachments to a PDF file and encrypts it with a password.
You can encrypt outbound emails of specific domains, based on content match, or when a sender triggers encryption. Recipients can decrypt the email and then read it, using a PDF reader on their device, including mobile phone platforms with PDF file support, for example, Android, iOS, Blackberry, or Windows.
SPX encryption triggers
If you’ve specified more than one method of triggering SPX encryption, XG Firewall applies encryption settings in the following order:
- On outbound emails from specified domains
- When it finds content or data protection match
- When SPX is triggered by senders.
There are two ways to apply SPX encryption in XG Firewall
- From“X-Sophos-SPX-Encrypt: yes”. . SPX encryption will apply only to outbound emails with the flag
- From“X-Sophos-SPX-Encrypt: yes”. . SPX encryption will apply to all outbound emails (from protected domains), regardless of the flag
SPX configuration
Specify the SPX template, password, reply, and notification settings.
Default SPX template |
Template applied if senders SPX-encrypt emails, and if you don’t select SPX encryption in the SMTP policy. Select None if you don’t want to encrypt emails. |
Keep unused password for |
Period for which passwords remain valid if no SPX-encrypted email is sent to a specific recipient. For example, if you specify three days, the password expires at midnight at the end of the third day. |
Send error notification to |
Recipients of SPX error notification. Error messages are listed in the SMTP log. |
Allow password registration for |
Link to password registration portal expires at the end of this period. |
SPX portal settings
Specify the password registration settings.
Name | Description |
---|---|
Hostname |
IP address or domain on which the password registration portal is hosted. |
Allowed networks |
Networks from which password registration requests are accepted. This should be set to Any so that anyone users send an SPX-encrypted message can access it. |
Port |
Port on which the SPX password registration portal listens. Default: 8094 |