About
The Virtru Hosted Gateway is a hosted secure email gateway that provides Virtru’s data protection and DLP functionality as an MTA endpoint.
The email gateway service encrypts data before leaving or entering your domain, even if the sender does not have Virtru plugins installed or enabled in their email client.
The Hosted Gateway requires no install/config/maintenance and is a component of any compliance initiative requiring data protection.
Jump to:
DNS
Some DNS entries are required prior to implementation. Please create these DNS records prior to Gateway setup. These records will need to be created for each domain that will be sending mail through the Hosted Gateway.
Your Virtru representative will send you a 40 character alpha-numeric string. Please substitute this string where it says <virtru_supplied_token> below.
Please substitute your domain where it says <yourdomain.com> below.
-
CNAME Records
Created so Virtru can sign DKIM and the virtrugateway.com domain can send on behalf of your domain, please create each CNAME entry below:
-
- Name: virtrugw._domainkey.<yourdomain.com>
- Type: CNAME
- Value: virtrugw._domainkey.virtrugateway.com
- Name: virtrugw2._domainkey.<yourdomain.com>
- Type: CNAME
- Value: virtrugw2._domainkey.virtrugateway.com
-
TXT Record
- Created so Virtru can verify domain ownership prior to implementation
- Name: @
- Type: TXT
- Value: virtru-site-verify=<virtru_supplied_token>
-
DMARC Policy
- Set a DMARC policy for your sending domains to align with best practices for email delivery.
- Define your DMARC record reference
Note - GoDaddy, Namecheap, Squarespace
If using GoDaddy as your DNS provider please drop the domain name from the CNAME record name. GoDaddy auto adds domain names so failing to drop the .<yourdomain> noted above will cause the domain to be listed twice in the record.
Go Daddy Screen shot examples:
CNAME
TXT
Note - Route53
If using Route53 as your DNS provider please leave the Name field empty for the TXT record.
Example:
<yourdomain.com> = virtruprivacy.com
<virtru_supplied_token> = PRwJ2U3zRu4MOKq30V4z2X0jjcOgkuaPaZL7vLt8
CNAME
TXT
Note - Google Domains
If using Google Domains as your DNS provider please drop the domain name from the CNAME record name. Google auto adds domain names so failing to drop the .<yourdomain> noted above will cause the domain to be listed twice in the record. In addition, Google will automatically add your domain name to the end of the value of the record. To prevent that, use virtrugw._domainkey.virtrugateway.com. and virtrugw2._domainkey.virtrugateway.com. as the values.
Google Screen shot examples:
CNAME
TXT
Mail Flow
The Virtru Hosted Gateway is preconfigured for maximum security and interoperability between systems.
- Host
- smtp.virtrugateway.com
- Port
- 587
- 25
- TLS
- Mandatory
Header
Authentication
The Virtru Hosted Gateway authenticates inbound traffic via header authentication. The application sending to the Virtru Hosted Gateway must have the ability to add an X-Header.
Example Header
X-Virtru-Auth:00000000000000000000
Virtru will provide the Authentication code.
Decryption
The Virtru Hosted Gateway uses an X-Header to dictate a decryption request. For every inbound decrypt request, this header must exist.
X-Virtru-Decrypt:1
Delivery
The Virtru Hosted Gateway will always perform final delivery using the recipient's MX record.
The Virtru Gateway will deliver using the following IP addresses.
199.60.232.32
199.60.232.33
199.60.232.34