Encrypted Email Setup for Microsoft Exchange

• Overview
• Abbreviated Steps
• Step-By-Step Guide

Overview 

What you’ll need:

1. Trial subscription with Paubox (don't have one? sign up here!)
2. Microsoft Exchange: Access to your organization's Microsoft Management Center (MMC)
3. Domain: Admin access to your organization's Domain Host (for ex. GoDaddy or Cloudflare)
4. The smarthost value - provided by Paubox during setup

Note: Make sure you can log into your MMC & Domain Host as an admin before proceeding. 

What you’ll do:

1. Domain: Update the records in your Domain Host
2. Microsoft Exchange: Create a smarthost to route mail to Paubox
3. Paubox Dashboard: List the email addresses for secure sending, and upload your org's logo
4. Test: Send a test email & see it in your Paubox Admin Panel

Questions? Stuck? We’re here for you!  support@paubox.com

Abbreviated Steps

A pro with DNS & Exchange? These Abbreviated Steps are for you! 

Not an expert with domain records and Exchange Servers? Skip ahead to the Step-by-Step Guide! 

1. Edit your SPF record to include Paubox & your Exchange Server's static public IP
   • For example: v=spf1 ip4:10.1.1.1 include:_spf.paubox.com -all  
   • (10.1.1.1 is just a sample value; use your Exchange Server's sending IP instead)
   •  If there are other IPs or values, leave them - just edit to insert IP & the Paubox include
2. Create a smarthost in Exchange with the value provided by Paubox
3. Enter the list of email addresses to send with encryption in the Paubox dashboard; upload your logo
4. Send a test email to: paubox15@gmail.com

Note 1: STARTTLS must be enabled on your Exchange Server - TLS version 1.2 or higher. Send your public IP to us so we can complete the configuration on our side - send to: support@paubox.com

Note 2: Exchange, unlike Microsoft 365, is subject to firewall rules. Be sure to check your firewall policies limiting SMTP traffic to certain IP addresses inbound and outbound. If you need our assistance with this please contact support.

Step-By-Step Guide

Part I: Your Domain - Update Your Records 

1. Log in to your Domain Host
2. Click on the Control Panel (may also be called DNS Zone Editor, or just DNS)
3. If you see a record of type TXT with a value similar to: v=spf1 ip4:10.1.1.1 -all (where 10.1.1.1 is the static public IP address of your Exchange Server)
   • Edit the record and insert "include:_spf.paubox.com" just before the -all; for example:
     v=spf1 ip4:10.1.1.1 include:_spf.paubox.com -all 
   • Note: Do not actually use 10.1.1.1! This should be the IP of your Exchange Server.
     • Note: there may be other "includes" or IP numbers in the record, that is fine, just insert the "include:_spf.paubox.com" right before the -all
   • Click Save
4. If you do not see a record of type TXT that starts with v=spf1, create a new one: 

• In the Records section, click Add (may also be called Add Record)
• For Type, enter TXT
• In the Host Field, type: @  (if it does not accept the @ symbol, enter your domain)
• In the TXT value or Text field, type this line:

                v=spf1 ip4:10.1.1.1 include:_spf.paubox.com -all 

(replacing 10.1.1.1 with your IP)

• Leave the default value in the TTL field
• Click Save

5. Send your Exchange Server's static public IP to Paubox: support@paubox.com

(we'll need to create a relay on our side)

Part II: Microsoft Exchange: Create a Smarthost

STARTTLS must be enabled on your Exchange Server - please make sure this is enabled before continuing. 

Depending on which version of Microsoft Exchange you use, there are different steps on how to create a Smarthost:

• Create a Smarthost on Exchange 2007
• Create a Smarthost on Exchange 2010
• Create a Smarthost on Exchange 2013/2016

Once your Smarthost is correctly in place, Exchange will automatically route remote outbound email through Paubox. No service or machine restart is required. 

Part III: Paubox Dashboard - Enter Email Addresses; Upload Logo

1. Navigate to the Paubox Admin Login Page (https://www.paubox.com & "Sign In")
2. Log in with your email address and password (not sure? click "Forgot your password?")
3. Click on "Encrypted Senders" and "Add Single Sender" to enter every email address that should be sending securely via Paubox if not already listed (at your limit? email support@paubox.com)
4. Click on "Overview" and under "Domain Settings" upload your organization's logo

Part IV: Test Email

Sending a Test Email

1. Log in to your email account
2. Compose a new email to: paubox15@gmail.com with the subject: Test
3. Enter anything you like in the message body, and click Send
4. Congratulations! You have sent your first secure email via Paubox!

 Verifying a Test Email

1. Navigate to the Paubox Admin Login Page
2. Log in with your email address and password (not sure? click "Forgot your password?")
3. Under Outbound, click on Statistics 

                  Verify green bar graph shows outbound email count passing through our servers

    4. Under Outbound, click on Mail Log

                 Verify that your test email to paubox15@gmail.com appears in the log

In addition, check your email inbox for replies to the emails you send - and note the security footer that appears on the bottom of your messages, confirming they were sent securely via Paubox. 

Note: internal emails (sent to people in your organization) do not leave your domain and will not have the Paubox security footer at the bottom.