Set up an alternate route for messages that need secure transport

You might require that specific email in your organization is always sent over a secure connection. Transport Layer Security (TLS) is a security protocol that encrypts email for privacy. TLS prevents unauthorized access of your email when it's in transit over internet connections. Learn more about sending email over TLS.

If you use a third-party to encrypt your email, use the Alternate secure route setting to create a secure backup route in your Google Admin console. You can also use the setting to route any email traffic to a third-party encryption service.

Step 1: Add the backup host

Add one or more hosts that you plan to use for the alternate, backup email route. Make sure you add a host that supports the version level of TLS that you require for your organization's email.

For detailed steps, visit Add mail servers for Gmail email routing

Step 2: Add a secure alternate route

Add a secure, alternate route with the host you added in Step 1:

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in

  2. In the Admin console, go to Menu ""and then"" Appsand thenGoogle Workspaceand thenGmailand thenRouting.
  3. On the left, select the top-level organization.
  4. Scroll to the Alternate secure route setting and click Edit Edit.
  5. Check the Use an alternate route when secure transport is required box.
  6. Under the box, select the host you added in Step 1 as the alternate route.

    All messages that require secure transport to non-TSL hosts are sent over this route.

  7. Click Save

Changes can take up to 24 hours but typically happen more quickly. Learn more

To track changes, go to the Admin audit log.

Was this helpful?
How can we improve it?
Clear search
Close search
Google apps
Main menu
Search Help Center