The Virtru On-Premises Email Gateway (On-Prem GW) is a purpose-built Mail Transfer Agent (MTA) that handles email encryption. Whereas other Virtru clients such as browser plugins and mobile applications encrypt emails on the customer's device, Gateway encrypts the emails on the server-side.
The Gateway not only handles encryption of emails, but it can also handle decryption of previously Virtru encrypted emails.
Jump to:
Use Cases
There are several standard use cases for Virtru's On-Prem GW. Those include, but are not limited to:
- Application Encryption
- MFP/Copier Encryption
- Protecting messages from any device
Features
Please Note:
Check our release notes page for the latest version and updates.
Modes
Outbound Encrypt
An organization can install Gateway in the path of outbound emails to encrypt all outgoing emails. This ensures that no data leaves the organization in cleartext. Emails encrypted in this manner can be revoked or expired by an administrator and sender via Virtru Control Center.
Use Cases:
- Sending Confidential Information
- Sending Personally Identifiable Information
Inbound Encrypt
An organization can install the Gateway in the path of inbound emails to encrypt all the incoming emails from external senders. This ensures that no sensitive data is left in clear text in an organization's email servers or inboxes. As in the case of Outbound Encrypt, emails encrypted in this mode can be revoked or expired by an administrator via Virtru Control Center.
Use Cases:
- Securing messages on a shared infrastructure
Outbound Decrypt
An organization can install the Gateway in the path of outbound emails to decrypt all outgoing emails. If an organization's senders are using Virtru's client-side encryption products such as browser plugins or mobile apps, an organization can choose to decrypt emails for archiving or content inspection purposes before the email leaves the organization.
Use Cases:
- Trusted Partner
Inbound Decrypt
An organization can install the Gateway in the path of inbound emails to decrypt all incoming emails from external senders. This ensures that all email is delivered to the recipients in cleartext.
Use Cases:
- Shared mailboxes
- Ticketing Systems
- Client Management Systems
Outbound DLP
An organization can install Gateway in the path of outbound emails to scan all outgoing emails. Emails sent to the gateway in this manner can be subject to any DLP rules configured by an administrator via Virtru Control Center.
Use Cases:
- Sending Confidential Information
- Sending Personally Identifiable Information
- Trigger encryption and access control options using our Virtru DLP rules
Mail Delivery
The Virtru Gateway can deliver mail in one of two ways:
- Relay emails to downstream MTA (next hop)
- Perform final delivery of emails.
Note about inbound modes: Starting with Gateway version 2.4
When we decrypt or encrypt messages inbound it breaks the DKIM sealed by the original sender, and since we don't have the rights to use the original sender's DKIM keys, we rewrite the "from" address so we can use the customer's DKIM, and generate a legit DKIM for the changed message. To keep the conversation easy to maintain in the mailbox we add a "reply-to" header with the original sender address outside of the domain to ensure that you can reply to the sender without issue.Note: This works well for a regular email workflow but this will need to be taken into consideration if messages are being encrypted or decrypted into a system that depends on the "from" address field, make changes accordingly to ensure that these messages are logged properly.
Example:
The from address will be changed to "gateway-noreply@customerdomain.com"
The reply-to header will be added for " person@outsidedomain.com"
