Create an alternate secure route for a third-party encryption service

You can modify routing behavior for messages that require secure transport by creating a fallback secure route using the Alternate secure route setting. If you have a third-party encryption service, use the Alternate secure route setting to route otherwise insecure traffic to it. 

Note: Before you configure the Alternate secure route setting, you must add mail routes with the Hosts tab. Specifically, you must add a host that contains the appropriate level of TLS delivery you want to use.

Create an alternate secure route for your domain

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Appsand thenG Suiteand thenGmailand thenAdvanced settings.

    Tip: To see Advanced settings, scroll to the bottom of the Gmail page.

  3. On the left, select the top-level organization.
  4. Scroll to the Routing section, and then to Alternate secure route 
    • If the setting is Not configured yet, point over the setting and click Configure.
    • If the setting is Locally applied, point over the setting and click Edit.
  5. Enter a short description that'll appear in the setting's summary.
  6. Select the Use alternate secure route when secure transport (TLS) is required option.
  7. Select a route from the list. If you haven't, you must first add mail routes with the Hosts tab.

    Note: All mail that requires secure transport, which is sent to hosts that you have not identified as TLS-enabled, are routed to the alternate secure route.
  8. When you're finished making changes, click Add setting or Save to close the dialog box.

    Note: Any settings you add are highlighted on the Advanced settings page. 
  9. At the bottom of the window, click Save.

It can take up to an hour for changes to take effect. To track changes, see the Admin audit log.

Was this article helpful?
How can we improve it?