SPX (Secure PDF Exchange) encryption is a next-generation version of email encryption. It is clientless and extremely easy to set up and customize in any environment. Using SPX encryption, unencrypted email messages and any attachments sent to Sophos UTM on AWS are converted to a PDF document, which is then encrypted with a password. You can configure Sophos UTM on AWS to allow senders to select passwords for the recipients, or the server can generate the password for the recipient and store it for that recipient, or the server can generate one-time passwords for recipients.
When SPX encryption is enabled, there are two ways how emails can be SPX-encrypted:
You can download a Microsoft Outlook plugin (see chapter Email Protection > SPX Encryption > Sophos Outlook Add-in). After installation, an Encrypt button is displayed in the Microsoft Outlook user interface. To encrypt a single message, users need to activate the Encrypt button and then write and send the message. If something goes wrong, for example the sender does not enter a valid password, a notification will be sent, if configured.
Note – If you are not using Outlook you can still trigger SPX encryption by setting the header field X-Sophos-SPX-Encrypt to yes.
- In the Data Protection feature, you can specify to automatically SPX-encrypt emails containing sensitive data (see SMTP > Data Protection tab).
At the email recipient’s side, the recipient can decrypt the message by means of Adobe Reader with the password that was used to encrypt the PDF. SPX-encrypted email messages are accessible on all popular smartphone platforms that have native or third-party PDF file support, including Blackberry and Windows Mobile devices.
Using the SPX reply portal, the recipient is able to answer the email in a secure way. It is possible to set expiry times for secure reply and unused passwords (see chapter Email Protection > SPX Encryption > SPX Configuration).
SPX encryption can be activated in both SMTP configuration modes, Simple mode and Profile mode. In Simple mode, a global SPX template can be chosen that defines the layout of the PDF file, password settings, recipient instructions, and SPX reply portal settings. In Profile mode, you can define different SPX templates for different SMTP profiles. So, if you are managing various customer domains, you can assign customized SPX templates containing for example different company logos and texts.
Cross Reference – Find information about configuring email encryption with SPX on Sophos UTM on AWS in the Sophos Knowledge Base.