Encrypting Confidential Emails in FortiMail


You want to send an email containing sensitive information, but you’re afraid that someone could intercept the message and read the information.

Thankfully, your FortiMail unit can encrypt your messages. There are two ways you can encrypt your email messages:

  • Content-based encryption: The FortiMail unit can find key words in an email’s subject header or message body to determine if a message should be encrypted. For example, if you add “Confidential” in your subject header, FortiMail will encrypt the email message.
  • Rule-based encryption: The FortiMail unit encrypts all email sent from specific sources. For example, you could configure FortiMail to encrypt every email sent from the financial department.

This recipe covers content-based encryption.

To encrypt your email based on the contents of the message:

Enable the IBE service

  1. Navigate to Encryption > IBE > IBE Encryption.

 2.  Enable IBE service and configure the other settings.

Enabling the IBE service.

Configure the encryption profile

 1. Navigate to Profile > Security > Encryption.

 2.  Select New.

Creating a new encryption profile.

 3.  Enter a descriptive name for the encryption profile in the Profile name text field.

 4.  Select IBE from the Protocol dropdown menu.

Note: For more information on additional settings in the Encryption Profile, see the FortiMail Administrator guide. 

 5.  Select Create.

Add the IBE encryption profile to the Content Action Profile

Content action profiles define the action taken by the FortiMail unit when it encounters an email containing a prohibited word or phrase. If you require more detailed information on the Content Action Profile, consult the FortiMail Administrator guide.

 1.  Navigate to Profile > Content > Action. 

 2.  Select New. 

Creating a new content action profile.

 3.  Enter a descriptive profile name.

 4.  Enable Encrypt with profile to apply an encryption profile. Select which encryption profile to use from the dropdown menu.

Enabling the encryption profile.

Create Dictionary Profiles

 1.  Navigate to Profile > Dictionary > Dictionary.

 2.  Select New. 

Editing the dictionary profile.

 3.  Enter the name of the profile.

 4.  Select New in the Dictionary Entries section.

Creating a new dictionary entry.

 5.  Select the Enable checkbox.

 6.  Type “Confidential” in the Pattern textbox.

 7.  Enable the search header checkbox and select Create.

Configure Content Profiles

 1.  Navigate to Profile > Content > Content.

 2.  Select New. 

Creating a new content profile.

 3.  Select the Content Monitor and Filtering arrow.

Selecting the Content Monitor and Filtering arrow.

 4.  Select New.


Configuring the new content profile.

 5.  Select the Enable checkbox.

 6.  Select the recently created dictionary from the Dictionary dropdown menu.

 7.  Select the number of times that an email must match the dictionary profile before it receives the action configured in Actions.

 8.  Select the content action profile you created in the “Add the IBE encryption profile to the Content Action Profile” step.

 9.  Select Create.
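
The dictionary entry and content profile configured above amount to a match-and-threshold decision. The following is an added example, not FortiMail code, that models that decision so you can reason about which test messages should trigger the encryption action. All class and function names are hypothetical. It assumes header search means the Subject header and that the pattern is matched as a case-insensitive literal, so check the pattern semantics on your own unit.

```python
import re
from dataclasses import dataclass
from email import message_from_string, policy

@dataclass
class DictionaryEntry:            # hypothetical stand-in for one dictionary entry
    pattern: str
    search_header: bool = True    # the "search header" checkbox from the recipe
    search_body: bool = False
    enabled: bool = True

def count_matches(raw: str, entry: DictionaryEntry) -> int:
    """Count pattern hits in the message parts the entry is set to search."""
    if not entry.enabled:
        return 0
    msg = message_from_string(raw, policy=policy.default)
    # Assumption: literal, case-insensitive match; header search = Subject only.
    rx = re.compile(re.escape(entry.pattern), re.IGNORECASE)
    hits = 0
    if entry.search_header:
        hits += len(rx.findall(str(msg["Subject"] or "")))
    if entry.search_body:
        body = msg.get_body(preferencelist=("plain",))
        hits += len(rx.findall(body.get_content() if body else ""))
    return hits

def would_encrypt(raw: str, entry: DictionaryEntry, min_matches: int = 1) -> bool:
    """True when the match count reaches the content profile's threshold."""
    return count_matches(raw, entry) >= min_matches

def _mail(subject: str, body: str) -> str:
    return f"From: alice@example.com\nTo: bob@example.net\nSubject: {subject}\n\n{body}\n"

# Constructed sample messages, not real traffic.
SAMPLES = {
    "subject_tag": _mail("Confidential: Q3 forecast", "Numbers attached."),
    "body_only": _mail("Q3 forecast", "This forecast is confidential."),
    "repeated": _mail("Confidential - confidential draft", "See attached."),
}

def report(entry: DictionaryEntry, min_matches: int = 1) -> dict:
    return {n: would_encrypt(r, entry, min_matches) for n, r in SAMPLES.items()}

if __name__ == "__main__":
    header_only = DictionaryEntry("Confidential")
    for threshold in (1, 2):
        print(threshold, report(header_only, threshold))
    print("with body search:", report(DictionaryEntry("Confidential", search_body=True)))
```

In this model the body_only message is not selected while only header search is enabled, and raising the match count to 2 also drops the singly tagged subject. Send equivalent test messages through the unit to confirm the real behaviour before relying on the policy.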

Configure Policies

The last step is to configure a policy to use the content profile.

Depending on whose email you want to encrypt, you can use either IP-based or recipient-based policies. For example, if you want to apply encryption to everyone’s outgoing email across the whole company, you can create a recipient-based policy with the sender set to *@example.com.

Implementing the newly created policy.