Create an alternate secure route for a third-party encryption service

You can modify routing behavior for messages that require secure transport by creating a potential fallback secure route. Domains not listed in TLS rules can be rerouted to this alternate route. You can create the alternate route using the Alternate secure route setting.

You'll want an alternate route if you have a third-party encryption service. You can then use the Alternate secure route setting to route otherwise insecure traffic to it.

Note: Before you configure the Alternate secure route setting, you must first add mail routes with the Hosts tab. Specifically, you must add a host that contains the appropriate level of TLS delivery that you want to use.

Create an alternate secure route for your domain

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in

  2. From the Admin console Home page, go to Appsand thenG Suiteand thenGmailand thenAdvanced settings.

    Tip: To see Advanced settings, scroll to the bottom of the Gmail page.

  3. On the left, select the top-level organization.
  4. Scroll to the Alternate secure route section, or enter Alternate secure route in the search box.
    • If the setting is Not configured yet, hover over the setting and click Configure.
    • If the setting is Locally applied, hover over the setting and click Edit to edit it.
  5. Enter a short description that'll appear in the setting's summary.
  6. Select the Use alternate secure route when secure transport (TLS) is required option.
  7. Select a route from the list. If you haven't, you must first add mail routes with the Hosts tab.

    Note: All mail that requires secure transport, which is sent to hosts that you have not identified as TLS-enabled, will be routed to the alternate secure route.
  8. When you're finished making changes, click Add setting or Save to close the dialog box.

    Note: Any settings you add will be highlighted on the Advanced settings page.
  9. On the bottom, click Save.

It can take up to an hour for changes to propagate to user accounts. You can track changes in the Admin audit log.

Was this article helpful?
How can we improve it?