E-Mail encryption issues

Unanswered Question
Oct 15th, 2009
User Badges:

We've just implemented IronPort mainly for E-Mail encryption, but we are taking advantage of the great AntiSpam and A/V capabilities of the device also.

In testing our E-Mail encryption, I have these feedback points and I'm hoping someone can help me address some of these concerns.

1) It seems that some people behind a corporate firewall had no issues at all receiving the email, signing up for an account, and responding to the secure message.

2) Others, however, received error messages, the links may not have worked if saved to their desktop, or had other possible network issues.

3) Some replied within the secure message, which I received. Others replied to the original email, which I also received. However, if I then replied to the original email that was encrypted as well, even though their response to me was not and my reply to them was not.

4) Within the secure message, the only clear options to a user are “Reply” or “Reply to all”. There are no clear instructions that if you want to cancel, you need to close the browser.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
kyerramr Fri, 10/16/2009 - 07:36
User Badges:

Saurek,

2) Could you be specific of what kind of errors you noticed? When you say links saved to desktop are you referring to securedoc.html? If there is an issue accessing links for activation or registration these might be related to proxy or network related issues. Please have these user's try accessing these links outside the network and see if the issue persists.

3) Are you referring to secure replies being received as encrypted envelopes? This is part of how secure replies work, if you want secure replies coming into your domain as plain text instead of PXE envelopes use the TLS feature.

Best,
Kishore

keithsauer507 Fri, 10/16/2009 - 16:46
User Badges:

Ok for number 3:

I had in the subject line, if subject contains [send secure]. I changed it to if subject begins with [send secure]. This way the RE: [send secure] won't always be encrypted.

If you want it encrypted we allow them to reply from the decrypted securedoc.html. I was referring to replying to the initial "You have received a secure message" notification.

For number 2:
I have info from an individual who saved securedoc.html to their desktop and opened it in IE. She entered the password and it just sat there for a really long time until she lost patience and closed out. Just sat there...

I'm wondering if those compatibility issues could be minimized with the checkbox that says "Use Decryption Applet" under the Encryption Envelope Profile in Ironport. The description for this checkbox (which is currently checked) states "Disabling this setting will cause message attachments to be
decrypted at the key server. The message will take
longer to open (but is guaranteed to work in all user environments). "

What's your opinion? For broader compatibility, it appears as if I should uncheck that box.

Other feedback seems to pertain to confused users saying "Why do we have to register for Cisco?" So that would be more branding and clearer communication that our Marketing team can come up with for our text resource that kicks off the "You have received a secure message" notification.

Actions

This Discussion