This step is for the encryption service.

This step is required to validate domain ownership. You need to do this step for each domain listed at the bottom of this step. If the domain(s) listed are not accurate, contact Zix customer support. Through your DNS provider, you need to add a TXT record as specified in this step. Once the TXT record has been added to your DNS, ZixCentral automatically recognizes the change and flags the step as finished.

This step may vary between DNS providers and it is recommended that you check with your DNS provider for specific instructions. You can also force an update by selecting Check Record; otherwise the change will process when the next scheduled job runs.

This step is for the encryption and outbound threat protection services.

This step is required to identify the Zix hosted service as an authorized sender for outbound messages. Through your DNS provider, you will need to add or modify your existing TXT record as specified in this step. You need to do this step for each domain. Once you have completed this step, select Mark as Complete and the step will be flagged as finished.

This step is for the encryption and outbound threat protection services.

This step is required to identify which IP addresses outbound mail will be sent from. Use the domain links listed in this step (one per domain) and you will be redirected to the domains configuration page where you can add the IP addresses. If Microsoft Office 365, Google G Suite, or AppRiver Email Security is the last hop before the Zix hosted service, you can simply check that box to complete this step, otherwise you will need to enter all IP addresses that will be sending to the Zix hosted service. Once you Save the changes, you will be redirected back to the setup steps and this step will be flagged as finished.

The outbound servers are limited to a /24 subnet and as such the maximum IP range is 254 hosts.

This step is for the encryption and inbound threat protection services.

This step is required to specify where the Zix hosted service should deliver inbound mail. Use the domain links listed in this step (one per domain) and you will be redirected to the domains configuration page where you can enter the host name of the inbound mail servers where the mail should be delivered. The system will automatically pre-populate the inbound mail servers with what is currently listed in your MX records which specifies where inbound mail should be delivered for the domain but you may change what is listed if needed. Once you Save the changes, you will be redirected back to the setup steps and this step will be flagged as finished.

This step is for all services.

In order to secure communications between the Zix hosted service and your mail service, a TLS 1.2 connection is required and the TLS certificate must be publicly rooted meaning that it was obtained from a trusted 3rd party and is not self-signed. This step only asks that you validate that your mail service supports use of TLS 1.2 because if a TLS connection cannot be established or the TLS level is less than 1.2, then inbound mail will not be delivered to your mail service. This is mandatory to protect the communications between the hosted service and your mail service. Once you have validated TLS 1.2 support, select Mark as Complete and the step will be flagged as finished. Note that if you are using a direct connection from the Zix hosted service to Office 365 or Gmail/G Suite, both support TLS 1.2 and you may select Mark as Complete and the step will be flagged as finished.

This step is for the encryption service.

All previous steps must be completed before proceeding with this step. This step is required to configure the secure message portal for encryption which is where encrypted messages are sent for retrieval by recipients if messages cannot be sent by other delivery methods. In this step, you need to provide a Portal Name. The Portal Name is what is used in constructing the URL for the portal. When you enter the Portal Name, you will see what the URL looks like on the right hand side. This name should be reflective of your company name. The name must not contain spaces or other special characters that would make the URL invalid. The name must not already exist in the Zix system.

You will also need to provide a Portal Display Name. This name will appear on the portal sign in page. The name should be reflective of your company name.

Make sure that the Portal Name and Portal Display Name entries are correct before selecting Apply because you cannot make changes yourself after that. If you do need to make changes after selecting Apply, you will need to contact Zix customer support.

Once you Apply the changes, the step will be flagged as finished. The portal URL is displayed but takes approximately fifteen minutes to configure. If you select the URL before it has configured, you will be directed to ZixMessage Center.

This step is for the encryption and outbound threat protection services.

All previous steps must be completed before proceeding with this step. This step is required to configure your mail service to route outbound messages to the Zix hosted service. This needs to be done at the last mail relay in your mail flow which could be your mail server or another service processing your mail prior to it being sent out over the internet such as a data loss prevention service. This may also be called something like “outbound connector” or “outbound mail relay” on your mail service.

Instructions are available on how to configure Office 365 and G Suite from the Zix customer support portal:

Office 365 – https://support.zixcorp.com/app/answers/detail/a_id/734

G Suite – https://support.zixcorp.com/app/answers/detail/a_id/749/kw/google%20outbound

This step must be repeated for each of the listed domains. When completed, select Mark as Complete and the step will be flagged as finished.

This step is for the encryption and inbound threat protection services.

This step is required to route inbound messages to the Zix hosted service. Through your DNS provider, you will need to add three MX records for each domain as shown in this step. Once you have completed this step, select Mark as Complete and the step will be flagged as finished.

This step is for the inbound threat protection service.

This step is optional but recommended. This step asks that you configure your firewall to only accept incoming mail from the Zix hosted service such that all mail will pass through the threat protection service. Use the domain links listed in this step (one per domain) to see the firewall settings for each domain. Once you have completed this step, select Mark as Complete and the step will be flagged as finished.

This step is for the inbound and outbound threat protection services.

This step is optional but is required to take advantage of the Continuity feature, part of the threat protection service, which enables access to your past 30 days of messages even when your mail service fails. This step asks that you configure your mail server to journal messages to the Continuity service. Use the Journal Push Import link in this step to get the address to use for journaling. Once you have completed this step, select Mark as Complete and the step will be flagged as finished.

This step is for the archiving service.

This is an optional step and is where you configure retention policies, that is, how long messages should be retained in the archiving service. Use the Retention Policies link in this step to change retention policies. Once you have completed this step or if you are satisfied with the default retention policy of 72 months, select Mark as Complete and the step will be flagged as finished.

This step is for the archiving service.

This step is required to configure your mail server to journal messages to the archiving service. Use the Archive Configuration link in this step to get the address to use for journaling. You will need to configure your mail server to journal messages to this address. Once you have completed this step, select Mark as Complete and the step will be flagged as finished.

This step is for all services.

This step is optional and is used to create and modify users of the system. Use the User Screen link in this step to navigate to the user management screen. To improve threat protection filter effectiveness, it is recommended that you import your users. Use the Import Users link in this step to navigate to the screen where you can import your users and see instructions on supported fields. Imports must be in CSV file format. Once you have completed this step, select Mark as Complete and the step will be flagged as finished.

It is recommended that you configure permissions for each user. Until the permissions are modified, the users will only have default permissions when they log into the service.

This step is for the encryption service.

This step is required to define encryption policies. Encryption policies determine which messages should be encrypted. Use the Encryption Policies link to navigate to the screen to define your policies. Once you have completed this step, select Mark as Complete and the step will be flagged as finished. It is also recommended that you update your pre-defined encryption filters to get the most current filters available by contacting Zix customer support by sending an email to support@zixcorp.com.

This step is for the inbound threat protection service.

This step is optional but required to take advantage of the message retraction feature. Message retraction enables an administrator to remove malicious emails from Office 365 inboxes when identified after delivery of messages. To use this feature you will need to provide information about your Office 365 setup. Use the Message Retraction link in this step to navigate to where you can configure this information. Once you have completed this step, select Mark as Complete and the step will be flagged as finished.

This step is to make sure you have correct contact information.

This step allows you to update the name, email address, and phone number for an Administrator, Billing, and Technical contact. It's recommended that at least one of your email addresses is not at a domain using this service in the case we cannot reach your email server and need to contact you. It's also recommended to have at least two contacts for your organization.