Message Encryption Quick Start Guide: OLD: DO NOT USE

The content in this article is obsolete. Please see the current version of this article.

Note: The Google for Work Support team provides limited support for the Google Apps Message Encryption app, as it is a third-party service.

ZixCorp, Google’s message encryption partner, has designed an application for the Google Admin console called Google Apps Message Encryption (GAME). This web application enables administrators to add authorized message encryption users in your domain to the GAME service, and to set up custom bounce messages that are sent to unauthorized users.

When Google Apps users need an email message to be encrypted, that message is routed to Zone - a Zix data center environment built especially for GAME. Within Zone, the sender’s email address is checked against the white list of users created by the administrator for their domain. If the user is authorized to send encrypted emails, the message will be encrypted and sent using ZixCorp’s Best Method of Delivery (BMOD). The keyless delivery method for Google Apps customers will be ZixPort. If the user is not authorized, the appropriate bounce message will be sent back to the sender.

Google Message Encryption process

Here are some steps to get you started:

Purchase GAME through a Google sales rep

You must first purchase GAME by contacting a Google sales representative. After purchase, a Google deployment specialist will work with a ZixCorp GAME specialist to provision the service for your domain.

Domains are added to production every Tuesday and Thursday night:

  • Deadline for Tuesday night production: Submit domains to Google by the previous Wednesday at 5 pm EST.

  • Deadline for Thursday night production: Submit domains to Google by the previous Monday at 5 pm EST.

Download the Google Apps Message Encryption Admin service
Go to Google Apps Marketplace to download Google Apps Message Encryption Admin. This Admin service enables you to manage Google Apps Message Encryption in the Google Apps Admin console.
Add an email route for Zix in the Admin console

After you've had GAME enabled for your domain and you've downloaded Google Apps Message Encryption Admin, you can add an email route for Zix.

You only need to add one email route, or host, for Zix regardless of how many organizations or users will be using GAME. Gmail will automatically default to using TLS.

  1. Sign in to the Google Admin console.
  2. Click Google Apps > Gmail.
  3. On the Gmail settings page, click Hosts.
  4. Click Add route to open the Add mail route window.
  5. Enter the following:
    1. Enter Zix Email Encryption in the blank field.
    2. Choose Single host from the menu.
    3. Enter smtp.googlemessageencryption.com.
    4. After the colon, enter 25 as the port.
    5. Check Require TLS delivery.
    6. Click Save.

    Note: Do NOT select the Perform MX lookup on host check box.

Manage users and set up custom notifications

Add all users to the service

  1. Sign in to the Google Admin console.
  2. Click Marketplace Apps > Google Apps Message Encryption > Additional configuration.
  3. Select the Users tab.
  4. Tick the Enable Message Encryption for all users in this domain check box.

Note: Exceeding the number of licenses will result in additional fees.

Add selected users to the service

  1. Sign in to the Google Admin console.
  2. Click Marketplace Apps > Google Apps Message Encryption > Additional configuration.
  3. Select the Users tab.
  4. Click Add.
  5. Enter the the first part of the user's email address (the part before the @ sign).
  6. Click Add.

Add users with a bulk upload

  1. Sign in to the Google Admin console.
  2. Click Marketplace Apps > Google Apps Message Encryption > Additional configuration.
  3. Select the Users tab.
  4. Click the Import button at the right edge of the window.
  5. Choose the file and select csv file.
  6. Click Import.

Delete users from the service

  1. Sign in to the Google Admin console.
  2. Click Marketplace Apps > Google Apps Message Encryption > Additional configuration.
  3. Select the Users tab.
  4. Select the boxes for the users that you want to delete.
  5. Click Delete.
  6. In the pop-up window, select the check box and click Delete to confirm.

Set up custom notifications

  1. Sign in to the Google Admin console.
  2. Click Marketplace Apps > Google Apps Message Encryption > Additional configuration.
  3. Select the General tab.
  4. In the Unauthorized User Message section, enter your email notification.
  5. Click Preview Message.
  6. Click Save.
Set up encryption for content compliance

Add a content compliance filter

  1. Sign in to the Google Admin console.
  2. Click Google Apps > Gmail > Advanced settings.
  3. In the Organizations section, highlight your domain or the organizational unit for which you want to configure settings.
  4. Scroll down to the Content compliance section.
  5. Click the Configure button to add a new filter. Or, if you already have a Content compliance filter, click Add another.
  6. Click Add description and enter Zix Email Encryption (subject contains encrypt).
  7. For Email messages to affect - check Outbound.
  8. For Add expressions that describe the content you want to search for in each message, select If ANY of the following match the message.
  9. In the Expressions section, click Add.
  10. Select Advanced content match in the first drop-down menu.
    • For Location, select Subject.
    • For Match type, select Contains text.
    • For Content, type encrypt.
  11. Click Save.
  12. For If the above expressions match, do the following, select Modify message from the drop-down menu.
  13. In the Route section, click Change route.
  14. From the Select a route drop-down menu, select Zix Email Encryption.
  15. Click Add Setting or Save to close the dialog box.
  16. Click Save changes at the bottom of the Email settings page.

Set up organizational units for GAME

  1. Sign in to the Google Admin console as a Super Admin.
  2. Identify all email encryption users and place them in a separate organizational unit. For more information, see Move a user to an organizational unit.

All users in this organization will have encryption enabled. For example, you may want to provide encryption functionality to all executives who have been placed in the Executives organization. Note that you can set up multiple organizations in this way for encryption.

Add subdomain MX records for each of your domains

GAME requires special MX records to ensure that secure mail from customers using GAME, or other encryption services powered by ZixCorp™ technology, are routed correctly.

For the service to function properly, you need to add the following subdomain MX records to each of your domains:

zixvpm.[domain].com. MX IN 3600 mx35241.zixworks.com
zixvpm.[domain].com. MX IN 3600 mx35242.zixworks.com

For more information about MX records, see MX records.

Test your GAME configuration

To confirm that encryption is working properly:

  1. Send an encrypted email to an outside account (for example, hotmail.com, yahoo.com) by selecting the keyword for triggering Zix routing that you selected when configuring the content compliance setting.
  2. Once you receive the email notification from Zix in your outside email account (hotmail.com, yahoo.com, etc.) log in to the secure portal.
  3. Reply to the message from the portal.
  4. You should be able to view the response from the portal in your Gmail inbox with a disclaimer at the bottom of the message letting you know that the message was Secured by Zix.
Custom portal options

For a complete list of custom portal options, see ZixPort Portal Customization in ZixPort Service Description.

Submit your custom portal options to your deployment specialist via email to gme-domain-notif@google.com.

Use the subject line: "Custom Portal Options for Company Name

Once custom portal options are submitted, your custom portal will be built by Zix. You will receive a preview link for your review prior to placing in production. Custom Portal Options go into production every Tuesday and Thursday night:

  • Deadline for Tuesday night production: Submit domains to Google by the previous Wednesday at 5 pm EST.

  • Deadline for Thursday night production: Submit domains to Google by the previous Monday at 5 pm EST.

Branding

Google allows customers to brand their message encryption portal to maintain brand recognition and a trusted relationship with their end users. Customers have the ability to brand the banner, welcome message, support contact, disclaimer and footer.

Please provide the following logos within the specified dimensions:

  • Top banner: 1200x130 - must be named topbanner.gif or topbanner.jpg
  • Mobile Top banner: 300x35 - must be named mobile.gif or mobile.jpg
  • Log-in banner: 1200x300 (optional) - must be named login.gif or login.jpg
  • Right justified footer image: 185x60 (optional) - must be named footer.gif or footer.jpg

Configuration Options

Please submit this information to gme-domain-notif@google.com as soon as you have decided on the details for each of the following:

  • An email account or a URL to a support website
  • Number of days (up to 60 days) a message remains/lives in the secure portal before it is purged (default is 14 days)
  • Password requirements (currently letters, numbers and special characters are required)
  • Number of minutes (10 or 30) before browser inactivity will automatically sign the user out (default is 20 minutess)
  • Whether to send a reminder to the sender and/or recipient before a secure message expires (currently not configured)
  • Which domains that users can compose new messages to (compose feature is optional)
Quick start videos Getting support for GAME

If you contact Google for support with GAME, a Google support representative will first determine if the issue is related to GAME. Google will route any GAME-related issues to Zix within a target time of 48 hours.

On receipt of a request, Zix will assume all responsibility for classifying the priority of the request. You will receive support directly from Zix within six business hours. Zix's business hours are 7 AM to 7 PM CST Monday through Friday and exclude U.S. public holidays.

Escalation of any issue will depend on the nature of that issue. If the GAME service is down, if email is not flowing, or if a message requires immediate expiration, inform the Google support representative so that they can escalate the issue with Zix.

Was this article helpful?