Add an SPX template

You can create or edit SPX templates for email encryption.

When you apply SPX templates to email policies or when senders trigger encryption, XG Firewall converts emails and attachments into PDFs and encrypts them.

To add an SPX template, do as follows:

  1. Go to Email > Encryption > SPX templates and click Add.
  2. Enter a name.
    Note You cannot use these characters (’/,\”).
  3. Enter the organization name to show in SPX notifications.
  4. Select the encryption standard.
  5. Select the PDF page size.
  6. In Password type, select the method of generating the password.
    OptionDescription
    Specified by sender Applied by senders in the email header. The sender must enter a password in the email subject in the format [secure:<password>]<subject text>, for example, [secure:secretp@ssword]. The sender must share the password securely with the recipient.
    Note XG Firewall removes the password when sending the email and doesn’t store the password.
    Note You can use this method with any SPX encryption trigger.
    To encrypt emails, senders must follow these steps:
    • Microsoft Outlook
      1. Go to the user portal. Download and install Sophos Outlook Add-in.
      2. In Outlook, click Encrypt for each email that you want to encrypt.
    • Other mail clients: Set the email header field X-Sophos-SPXEncrypt to yes.
    Note When XG Firewall finds the SPX header in emails, it applies the specified SPX template.
    Generate one-time password for every email XG Firewall generates a password and emails it to the sender. The sender must share the password securely with the recipient.
    Note The password isn’t stored.
    Generated and stored for recipient

    XG Firewall generates a recipient-specific password and emails it to the sender. The sender must share the password securely with the recipient. The password is stored and used until it expires.

    Specified by recipient XG Firewall emails a password registration link to recipients not already registered for a password.

    When recipients register, XG Firewall sends an encrypted email to them, using the recipient’s password. It stores the password until expiry.

    Recipients decrypt emails from the organization with this password.

    Note If a recipient receives different emails with a password generated through Generated and stored for recipient and Specified by recipient, they must use the appropriate passwords to decrypt the emails.
    Note To reply, recipients must click the reply button in SPX-encrypted emails and go to the SPX reply portal.
  7. Optional Customize the notification subject and body.
  8. Optional Specify recipient instructions. XG Firewall emails these to the recipient with the encrypted email.
    Note To reset to the default notification, click Reset Reset button.
    Note You can use simple HTML markup, hyperlinks, and variables, for example, %ORGANIZATION_NAME%.
  9. Click Save.