Search
Clear search
Close search
Google apps
Main menu

Google Apps is now G Suite. Same service, new name. More about the name change.

G Suite Message Encryption Quick Start Guide

Note: The Google Cloud Support team provides limited support for the G Suite Message Encryption app, as it is a third-party service.

G Suite Message Encryption (GAME) is an email encryption service for G Suite customers. Designed by ZixCorp at the request of Google, GAME provides secure email to G Suite users communicating outside Google’s secure cloud to all other email users.

GAME provides on-demand message encryption, so you can securely communicate with business partners and customers. G Suite customers can predefine security policies to trigger encryption of sensitive information in their outbound email communication. Using ZixCorp’s Best Method of Delivery, GAME provides transparent encryption between G Suite and ZixCorp customers, as well as the ability to deliver securely to anyone, anywhere and on any device.

This GAME Quick Start Guide is intended to help you purchase, set up and test your GAME service for production use. For additional information on ZixCorp's G Suite Message Encryption service, visit the GAME Resource Center.

data center

Purchase GAME

Your first step in setting up GAME is to purchase it by contacting a Google sales representative or Google Cloud partner directly. Your order is then forwarded to ZixCorp, who is accountable for facilitating your GAME service set up. In addition, after purchase, you must also take some steps to complete your set up. See Service setup overview for details.

Service setup overview

After purchase, you must complete your GAME set up by doing the following, in this order:

Note: You must have Super Admin privileges in G Suite to complete many of the tasks described here. If you are the primary user who set up the original G Suite account, you are the Super Admin by default. The primary G Suite administrator must grant subsequent users Super Admin privileges.
  1. Choose your GAME configuration options using the GAME Self-Service portal. See Set up service using the GAME Self-Service Portal.
  2. Enable the Admin SDK within G Suite to allow the GAME Admin Tool to authenticate you. See Enable the Admin SDK.
  3. Set up authorized message encryption users and create custom email bounce messages in the GAME Admin Tool. See Set up the GAME Admin Tool.
  4. Configure the Google Admin console to route encrypted email properly. See Set up the Google Admin console for encrypted mail.
  5. Test your GAME service to ensure it is sending encrypted email properly. See Test your GAME configuration.
Set up service using the GAME Self-Service Portal

Once you have purchased GAME by contacting and working with a Google sales representative, ZixCorp receives your order request and sets up your GAME Self-Service Portal (SSP) account information. The GAME SSP automatically sends you a welcome letter, similar to the following, to help you get started. You must then choose your GAME configuration options using the GAME SSP.

Note: You must choose your configuration options using the GAME SSP and submit your service for deployment before continuing with the next step.

Portal welcome screen

When you receive the automated welcome letter from the GAME SSP, follow the instructions in it to sign in to the GAME SSP to prepare and submit your service for deployment. Service deployments happen every Tuesday and Thursday night:

  • Deadline for Tuesday night deployment—Submit your GAME SSP order by the previous Wednesday at 5pm EST.
  • Deadline for Thursday night deployment—Submit your GAME SSP order by the previous Monday at 5pm EST.

After you choose your configuration options using the GAME SSP and submit your service for deployment, ZixCorp deploys the service. After that, you receive a confirmation email. Once you receive confirmation that your GAME service is deployed, you must then change some settings for the GAME service.

Enable the Admin SDK

Before you launch the GAME Admin Tool for the first time, you must enable the Admin SDK so that the GAME Admin Tool can authenticate you.

  1. Sign in to the Google Admin console.
  2. Select Security.
  3. Select API reference.
  4. Check the Enable API access box if it’s unchecked.
  5. Click Save Changes.
Set up the GAME Admin Tool

The GAME Admin Tool allows you to add authorized message encryption users and to set up custom email bounce messages that are sent to unauthorized users.

When a G Suite user need to send an encrypted email, that message is routed to the GAME SMTP server, which then checks the sender’s email address against the authorized message encryption users list you created.

If the user is authorized to send encrypted email, the message will be encrypted and sent using ZixCorp’s Best Method of Delivery (BMOD). BMOD provides transparent encryption between all ZixCorp customers as well as two different keyless delivery methods for other recipients. The default keyless delivery method for GAME customers is Portal Delivery.

Note: The GAME Admin Tool is intended to manage only your primary Google Admin console domain. Any users in additional domains are automatically allowed to send encrypted email. If you want to change these permissions, you must manage them using content compliance rules in the Google Admin console.
Launch the GAME Admin Tool
  1. Do one of the following:
  2. Sign in using your G Suite account.
  3. If you are prompted to accept access to the user profile, select Accept to continue.
    Note: The first time you launch the GAME Admin Tool, Enable Message Encryption for all users in this domain on the Users tab may be selected. If you want to customize your user list, you must uncheck this box.
Manage users and set up custom notifications
Add all users to GAME
  1. In the GAME Admin Tool, select the Users tab.
  2. Check the Enable Message Encryption for all users in this domain box if it isn’t already checked.

Note: Exceeding the number of licenses will result in additional fees.

Add selected users to GAME
  1. In the GAME Admin Tool, select the Users tab.
    Note: If the Enable Message Encryption for all users in this domain box is checked, you must uncheck it to add specific users.
  2. Click Add.
  3. Enter the the first part of the user’s email address (the part before the @ sign).
  4. Click Add.
Add users with a bulk upload
  1. In the GAME Admin Tool, select the Users tab.
  2. Click the Import button.
  3. Choose the file and select csv file.
  4. Click Import.
Delete users from GAME
  1. In the GAME Admin Tool, select the Users tab.
  2. Check the boxes for the users that you want to delete.
  3. Click Delete.
  4. In the pop-up window, check the box and click Delete to confirm.
Set up custom notifications
  1. In the GAME Admin Tool, select the General tab.
  2. In the Unauthorized User Message section, enter your email notification.
  3. Click Preview Message.
  4. Click Save.
Set up the Google Admin console for encrypted mail
Add GAME to the Inbound Gateway list

GAME requires you to add the ZixCorp IP addresses to the G Suite Inbound Gateway list to ensure all replies and encrypted messages from other ZixCorp customers are delivered.

  1. Sign in to the Google Admin console.
  2. Click Apps > G Suite > Gmail > Advanced settings.
  3. In the Spam section, look for Inbound Gateway.
  4. Do one of the following:
    • If you are in the U.S., in the text box, type the IP address: 199.30.235.99.
    • If you are in the EU, in the text box, type the IP address 91.209.6.244.
    Note: Don’t check the Only let users receive email from the email gateways listed above box.
  5. Click Save Changes.
Add an email route for ZixCorp in the Google Admin console

You now must add an email route for ZixCorp. You need to add only one email route, or host, regardless of how many organizations or users will be using GAME.

  1. Sign in to the Google Admin console.
  2. Click Apps > G Suite > Gmail.
  3. On the Gmail settings page, click Hosts.
  4. Click Add route to open the Add mail route screen.
  5. Enter the following:
    1. Enter ZixCorp GAME in the blank field.
    2. Choose Single host from the menu.
    3. Do one of the following:
      • Foe the U.S. version of the GAME Admin Tool, enter smtp.appsmessageencryption.com.
      • For the EU version of the GAME EU Admin Tool, enter smtp.appsmessageencryption-EU.com.
    4. After the colon, enter 25 as the port.
    5. Check Require TLS delivery.
      Note: Gmail automatically defaults to using TLS.
    6. Click Save.

    Note: Don’t check the Perform MX lookup on host box.

Set up encryption for content compliance
  1. Sign in to the Google Admin console.
  2. Click Apps > G Suite > Gmail > Advanced settings.
  3. Scroll down to the Content compliance section.
  4. Click the Configure button to add a new filter. Or, if you already have a Content compliance filter, click Add another.
    Note: The Add another button doesn’t display unless you hover over Content compliance.
  5. Enter ZixEncrypt as the short description.
  6. For Email messages to affect, check Outbound.
  7. For Add expressions that describe the content you want to search for in each message, select If ANY of the following match the message.
  8. In the Expressions section, click Add.
  9. Select Advanced content match in the first drop-down menu.
    • For Location, select Subject.
    • For Match type, select Contains text.
    • For Content, type ZixEncrypt.
  10. Click Save.
  11. For If the above expressions match, do the following, select Modify message from the drop-down menu.
  12. In the Route section, click Change route.
  13. From the Select a route drop-down menu, select ZixCorp GAME.
  14. Click Add Setting or Save to close the dialog box.
  15. Click Save changes at the bottom of the Email settings screen.
Test your GAME configuration

After you have had your GAME service deployed and set up the GAME Admin Console to route secure email, you should test your new services to ensure they are sending encrypted email properly.

To confirm that encryption is working properly:

  1. Sign in to the GAME Admin Tool.
  2. From your Gmail account, send an encrypted email to an outside account (for example, hotmail.com, yahoo.com) by typing ZixEncrypt in the Subject line of the message.
  3. Once you receive the secure message notification in your outside email account (for example, hotmail.com, yahoo.com, etc.), sign in to the secure portal following the instructions in the notification email.
  4. Reply to the message from within the secure message portal.
  5. You will receive a response from the portal in your Gmail inbox with a disclaimer within the message ensuring that it was Secured by Zix.
Note: When you receive the portal notification, contact ZixCorp support to activate the decryption server.
Getting support for GAME

If you need immediate support for GAME issues, call ZixCorp support at 888-576-4949. You can send all other support request via email to support@zixcorp.com. A support technician will respond to your request within six business hours. ZixCorp’s business hours are 7:00 AM to 7:00 PM CST Monday through Friday.

Was this article helpful?
Sign in to your account

Get account-specific help by signing in with your Apps for Work account email address, or learn how to get started with Apps for Work.