G Suite Message Encryption (GAME International) reference guide

This guide is intended as a reference to help you use G Suite Message Encryption (GAME International) in a production environment. GAME is an email encryption service for G Suite customers. Designed by Zix at the request of Google, GAME provides secure email to G Suite users communicating outside Google’s secure cloud to all other email users.

Note: The Google Cloud Support team provides limited support for GAME, as it is a third-party service. 

Getting started

Learn about GAME

GAME provides on-demand message encryption, so you can securely communicate with business partners and customers. G Suite customers can predefine security policies to trigger encryption of sensitive information in their outbound email communication. Using Zix’s Best Method of Delivery, GAME provides transparent encryption between G Suite and Zix customers, as well as the ability to deliver securely to anyone, anywhere, and on any device. For additional information on Zix's G Suite Message Encryption service, visit the GAME Resource Center. data center

Understand setup tasks

After purchase, you must set up GAME by doing the following, in this order:

Note: You must have Super Admin privileges in G Suite to complete many of the tasks described here. If you are the primary user who set up the original G Suite account, you are the Super Admin by default. The primary G Suite administrator must grant subsequent users Super Admin privileges.
  1. Choose your GAME configuration options using the GAME Self-Service portal. See Set up service using the GAME Self-Service Portal.
  2. Enable the Admin SDK within G Suite to allow the GAME Admin Tool to authenticate you. See Enable the Admin SDK.
  3. Set up authorized message encryption users and create custom email bounce messages in the GAME Admin Tool. See Set up the GAME Admin Tool.
  4. Configure the Google Admin console to route encrypted email properly. See Set up the Google Admin console for encrypted mail.
  5. Test your GAME service to ensure it is sending encrypted email properly. See Test your GAME configuration.
Set up GAME using the Self-Service Portal

Once you have purchased GAME by contacting and working with a Google sales representative, Zix receives your order request and sets up your GAME Self-Service Portal (SSP) account information. The GAME SSP automatically sends you a welcome letter to help you get started. You must then choose your GAME configuration options using the GAME SSP.

Note: You must choose your configuration options using the GAME SSP and submit your service for deployment before continuing with the next step.

When you receive the automated welcome letter from the GAME SSP, follow the instructions in it to sign in to the GAME SSP to prepare and submit your service for deployment. Service deployments happen every Tuesday and Thursday night:

  • Deadline for Tuesday night deployment—Submit your GAME SSP order by the previous Wednesday at 5pm EST.
  • Deadline for Thursday night deployment—Submit your GAME SSP order by the previous Monday at 5pm EST.

After you choose your configuration options using the GAME SSP and submit your service for deployment, Zix deploys the service. After that, you receive a confirmation email. Once you receive confirmation that your GAME service is deployed, you must then change some settings for the GAME service.

Enabling and launching the Admin Tool

Learn about the GAME Admin Tool

The GAME Admin Tool allows you to add authorized message encryption users and to set up custom email bounce messages that are sent to unauthorized users.

When a G Suite user needs to send an encrypted email, that message is routed to the GAME SMTP server, which then checks the sender’s email address against the authorized message encryption users list you created.

If the user is authorized to send encrypted email, the message will be encrypted and sent using Zix’s Best Method of Delivery (BMOD). BMOD provides transparent encryption between all Zix customers as well as two different keyless delivery methods for other recipients. The default keyless delivery method for GAME customers is Portal Delivery.

Note: The GAME Admin Tool is intended to manage only your primary Google Admin console domain. Any users in additional domains are automatically allowed to send encrypted email. If you want to change these permissions, you must manage them using content compliance rules in the Google Admin console.
Enable the GAME Admin SDK

Before you launch the GAME Admin Tool for the first time, you must enable the Admin SDK so that the GAME Admin Tool can authenticate you.

  1. Sign in to the Google Admin console.
  2. Select Security.
  3. Select API reference.
  4. Check the Enable API access box if it’s unchecked.
  5. Click Save Changes.
Launch the GAME Admin Tool
  1. Do one of the following:
  2. Sign in using your G Suite account.
  3. If you are prompted to accept access to the user profile, select Accept to continue.

    Note: The first time you launch the GAME Admin Tool, Enable Message Encryption for all users in this domain on the Users tab may be selected. If you want to customize your user list, you must uncheck this box.

Managing users and setting up custom notifications

Add all users to GAME
  1. In the GAME Admin Tool, select the Users tab.
  2. Check the Enable Message Encryption for all users in this domain box if it isn’t already checked.

Note: Exceeding the number of licenses will result in additional fees.

Add selected users to GAME
  1. In the GAME Admin Tool, select the Users tab.

    Note: If the Enable Message Encryption for all users in this domain box is checked, you must uncheck it to add specific users.

  2. Click Add.
  3. Enter the the first part of the user’s email address (the part before the @ sign).
  4. Click Add.
Add users to GAME with a bulk upload
  1. In the GAME Admin Tool, select the Users tab.
  2. Click the Import button.
  3. Choose the file and select csv file.
  4. Click Import.
Delete users from GAME
  1. In the GAME Admin Tool, select the Users tab.
  2. Check the boxes for the users that you want to delete.
  3. Click Delete.
  4. In the pop-up window, check the box and click Delete to confirm.
Set up custom notifications for GAME
  1. In the GAME Admin Tool, select the General tab.
  2. In the Unauthorized User Message section, enter your email notification.
  3. Click Preview Message.
  4. Click Save.

Setting up the Google Admin console for encrypted mail

Add GAME to the Inbound Gateway list

GAME requires you to add the Zix IP addresses to the G Suite Inbound Gateway list to ensure all replies and encrypted messages from other Zix customers are delivered.

  1. Sign in to the Google Admin console.
  2. Click Apps > G Suite > Gmail > Advanced settings.
  3. In the Spam section, look for Inbound Gateway.
  4. Do one of the following:
    • If you are in the U.S., in the text box, type the IP address: 199.30.235.99.
    • If you are in the EU, in the text box, type the IP address 91.209.6.244.
    Note: Don’t check the Only let users receive email from the email gateways listed above box.
  5. Click Save Changes.
Add an email route for Zix in the Google Admin console

You now must add an email route for Zix. You need to add only one email route, or host, regardless of how many organizations or users will be using GAME.

  1. Sign in to the Google Admin console.
  2. Click Apps > G Suite > Gmail.
  3. On the Gmail settings page, click Hosts.
  4. Click Add route to open the Add mail route screen.
  5. Enter the following:

    Note: Don’t check the Perform MX lookup on host box.

    • Enter Zix GAME in the blank field.
    • Choose Single host from the menu.
    • Do one of the following:
      • For the U.S. version of the GAME Admin Tool, enter smtp.appsmessageencryption.com.
      • For the EU version of the GAME EU Admin Tool, enter smtp.appsmessageencryption-EU.com.
    • After the colon, enter 25 as the port.
    • Check Require TLS delivery.

      Note: Gmail automatically defaults to using TLS.

  6. Click Save.
Set up encryption for content compliance
  1. Sign in to the Google Admin console and go to the Content compliance section:
    1. Click Apps > G Suite > Gmail > Advanced settings.
    2. Scroll down to the Content compliance section.
  2. Click the Configure button to add a new filter. Or, if you already have a Content compliance filter, click Add another.

    Note: The Add another button appears when you hover over Content compliance.

  3. Enter ZixEncrypt as the short description.
  4. For Email messages to affect, check Outbound.
  5. For Add expressions that describe the content you want to search for in each message, select If ANY of the following match the message.
  6. In the Expressions section, click Add.
  7. Select Advanced content match in the first drop-down menu.
    • For Location, select Subject.
    • For Match type, select Contains text.
    • For Content, type ZixEncrypt.
  8. Click Save.
  9. Specify the Zix GAME routing:
    • For If the above expressions match, do the following, select Modify message from the drop-down menu.
    • In the Route section, click Change route.
    • From the Select a route drop-down menu, select ZixCorp GAME.
    • Click Add Setting or Save to close the dialog box.
  10. Click Save changes at the bottom of the Email settings screen.

Testing your service and getting support

Test your GAME service

After you have deployed GAME and set up the GAME Admin Console to route secure email, you should test your new services to ensure they are sending encrypted email properly.

To confirm that encryption is working properly:

  1. Sign in to the GAME Admin Tool.
  2. From your Gmail account, send an encrypted email to an outside account (for example, hotmail.com or yahoo.com) by typing ZixEncrypt in the Subject line of the message.
  3. When you receive the secure message notification in your outside email account (for example, hotmail.com or yahoo.com, etc.), sign in to the secure portal following the instructions in the notification email.
  4. Reply to the message from within the secure message portal.

You will receive a response from the portal in your Gmail inbox with a disclaimer within the message ensuring that it was Secured by Zix.

Note: When you receive the portal notification, contact Zix support to activate the decryption server.
Get support for GAME

If you need immediate support for GAME issues, call Zix support at 888-576-4949. Send all other support requests to support@zixcorp.com. A support technician will respond to your request within six business hours. Zix’s business hours are 7:00 AM to 7:00 PM CST Monday through Friday.

Was this article helpful?
How can we improve it?