The DeliverySlip Crypto-Gateway connects with Microsoft 365 to help cast a wider net for data leakage protection. It is offered as a cloud service, and it is designed to emulate the ‘old school’ secure email gateways (or what we like to call, gateway-style DLP). It sits in-line between your mail server and the DeliverySlip API to offer high availability processing. For users, this translates into transparent outbound encryption, with all secure messages stored decrypted in the mail server. Both internal and external guest users continue to benefit from all the same DeliverySlip apps, plug-ins and mobile access.

DeliverySlip Crypto-Gateway Overview

Your Microsoft Office 365 administrator can set this up within minutes without any MX record changes required. The DeliverySlip Crypto-Gateway is a public service available at and will ignore all traffic unless the source of the traffic has been ‘whitelisted’ with DeliverySlip. This URL is configured behind an Azure traffic manager to assure that regional traffic is routed through the correct jurisdiction. The connection to the DeliverySlip Crypto Gateway service is done using SMTP via port 25. The STMP session must use the STARTTLS command to assure the SMTP messages are transmitted securely.

The following steps describe how to configure a simple Office 365 Connector and Transport Rule that will route messages with #secure in the subject line to the DeliverySlip Crypto-Gateway.

Collect Some Basic Information

To get started, the following information is necessary so the DeliverySlip Crypto-Gateway can receive messages from your email provider:

  • Indicate that your email service is through Office 365, or if using hosted or on-premises Exchange, you will need the IP address of sending server so we can whitelist it.
  • Primary Domain and all associated domains for the company.
  • Customer portal if different from Primary domain.

Once identified, please send this information to for configuration. Once configured, the sending mail service can be configured to route messages to the Crypto-Gateway service.

Configuring Office 365 for #secure

The simplest way to get going is to set up a routing rule to send all emails containing ‘#secure’ in the subject line to be sent secure. The transport rule required for this set-up is available with all Office 365 subscriptions and does not require the E3 license with DLP functions. Once configured, the DeliverySlip Crypto-Gateway service will effectively become a gateway-style encryption set-up and used as an outbound gateway for sending secure messages. Emails are received from an Exchange Online via an Exchange Connector. Transport Rules within the Office 365/Exchange Online environment will route the messages to the outbound Connector that then deliver the message to the Crypto-Gateway.

Create New Connector in Office 365:

    1. From the Office 365 Web Apps page, open the Admin App
    2. Expand “Admin centers” in the left menu and select “Exchange”
    3. Under “Mail flow” select “Connectors”
    4. Press + to add new Connector
    5. Select your mail flow scenario:
      1. From: “Office 365”
      2. To: “Partner organization”
    6. Select Next

Crypto-Gateway Exchange Connector Step 1

    1. Name the Connector “DeliverySlip Crypto-Gateway”

DeliverySlip Crypto-Gateway Name

    1. Check the “Turn it on” box and select Next
    2. Under “When do you want to use this connector?”
      1. Select the first option: “Only when I have a transport rule set up that redirects messages to this connector”, then select Next

DeliverySlip Crypto-Gateway Transport Rule Only

    1. Under “How do you want to route email messages?”
      1. Select: “Route email through these smart hosts”
      2. Press + and specify the fully qualified domain name: “”, then select Next

DeliverySlip Crypto-Gateway Relay URL

    1. Under “How should Office 365 connect to your partner organization’s email server?”
      1. Select: “Always use TLS”
      2. Select: “Any digital certificate, including self-signed certificates”, select Next, then Next again

DeliverySlip Crypto-Gateway TLS & Any Digital Certificate

    1. Under “Validate Connector”
      1. Press + and add any email address, then select “Okay”
      2. Select Validate button at bottom of screen

DeliverySlip Crypto-Relay Validate Connector

    1. Close confirmation screen
    2. Select Save
  1. Connector is now set up and ready to send email to the Crypto-Gateway.

Create new Transport Rule in Office 365

Below are steps to set up a simple Transport Rule that will route messages with #secure in the subject line to the DeliverySlip Crypto-Gateway.

    1. Select + symbol on tab at top of rules
    2. Select: “Create a new rule”
      1. Give rule a name, i.e.: “Crypto-Gateway Keyword Rule”
      2. Under “Apply this rule if…” Select “The sender is located…” and then “Inside the organization”

DeliverySlip Crypto-Gateway Transport Rule Step 1

      1. Select the “More options…” link at the bottom of the page

DeliverySlip Crypto-Gateway Transport Rule Step 2

      1. Add a condition to the Apply this rule if… section
      2. Select The subject includes… and enter #secure as the keyword

DeliverySlip Crypto-Gateway Transportl Rule Step 3

      1. Under Do the following, select Use the following connector…

DeliverySlip Crypto-Gateway Transport Rule Step 4

      1. Then select the previously configured Crypto Relay connector
      2. Add an Exception to the rule so that message generated by the Outlook Add-In are ignored.
      3. Select A message header matches…
        1. Header name: x-secure-message-id
        2. Paste this value: [0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}

DeliverySlip Crypto-Gateway Transport Rule Step 5

  1. Click on Save button to save the rule.