You might require that specific email in your organization is always sent over a secure connection. Transport Layer Security (TLS) is a security protocol that encrypts email for privacy. TLS prevents unauthorized access of your email when it's in transit over internet connections. Learn more about sending email over TLS.
If you use a third-party to encrypt your email, use the Alternate secure route setting to create a secure backup route in your Google Admin console. You can also use the setting to route any email traffic to a third-party encryption service.
Step 1: Add the backup host
Add one or more hosts that you plan to use for the alternate, backup email route. Make sure you add a host that supports the version level of TLS that you require for your organization's email.
For detailed steps, visit Add mail servers for Gmail email routing.
Step 2: Add a secure alternate route
Add a secure, alternate route with the host you added in Step 1:
-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
-
In the Admin console, go to Menu
Apps
Google Workspace
- On the left, select the top-level organization.
- Scroll to the Alternate secure route setting and click Edit
.
- Check the Use an alternate route when secure transport is required box.
- Under the box, select the host you added in Step 1 as the alternate route.
All messages that require secure transport to non-TSL hosts are sent over this route.
- Click Save
.Changes can take up to 24 hours but typically happen more quickly. Learn more
To track changes, go to the Admin audit log.
