Beware of MX Records Changes with Your Encryption Solution for Office 365


As we’ve said time and time again, not all email encryption solutions were created equal. These inequalities are especially true when it comes to leveraging your existing IT investments along with a secure messaging solution. Unfortunately however, these discrepancies are not always easy to spot. Such is the case with mail exchanger records (or MX records for short) and some encryption solutions for Office 365. MX records are used to direct your email domain (e.g. to Office 365 so that you can access and manage your email messages in Outlook.

Presumably if you’ve made the investment in Office 365-hosted email it means you want to keep your messages there. After all, you’re already paying for it. Your email encryption solution for Office 365 shouldn’t change this fact. We’ll even go a step further to say that at Cirius we believe your encryption solution should enhance and add value to your existing IT investments.

Now, you’re probably thinking to yourself that all email encryption providers say the same thing. While that’s undoubtedly true (because what company doesn’t want you to believe their product or service is the best?), the reality is many aren’t walking the talk.

Your email encryption solution should not require you to change MX records to secure the content (only for that same content to then be redirected back into your email platform after the fact). In effect, by changing MX records you are disabling your Office 365 email. At the very least, changing MX records creates redundancies and increases the risk of error – the opposite of what a security solution should do. Plus, changing MX records means all of your business’s email content is being redirected elsewhere, not just the content you want encrypted. Perhaps without realizing it you are now dependent on a third-party system (that is not Office 365) to manage not only the content you want encrypted, but also all of your regular non-encrypted email messages.

We won’t name names, but if you are currently looking for an encryption solution or have invested in one already, it is worth checking whether MX record changes are required in order for it to work with Office 365.

In the case of Cirius, our solution acts as a secure message “community” by adding email encryption and security that sits on top of existing Office 365 email infrastructure. Users stay within their regular email environment to send and receive secure messages. They also have a host of additional message control features (all accessible from their Outlook inbox) such as real-time activity notifications when a secure message is received and opened by recipients, the ability to stop recipients from replying to or forwarding messages, and the ability to securely share large files externally. You can read more about our Office 365 integration here.

With Cirius, by default all secure email messages and content sent and received via Outlook are stored decrypted in the mail server for both sender and recipients. Messages and folders are still indexed and searchable in Outlook and the archive continues to work normally. And perhaps most importantly in the context of this blog post no MX records are changed in the process.