Trigger proofpoint encryption using ZixSelect VPM client

Created by Yves Lacombe, Modified on Fri, 06 Mar 2020 at 12:08 PM by Yves Lacombe

More and more, Vircom has clients that are moving from Zix to Proofpoint for their full body encryption needs.  Instead of uninstalling all the Zix clients already in the field and installing the proofpoint plugin, it's possible to trigger the encryption of messages using the ZixSelect client already installed on the end-user's desktop machine.

It turns out the the client in question just adds a header element to an Email and that header element is used to redirect messages at the transport level to a ZixVPM encryption gateway.   Usually clients would create a rule somewhere in exchange or office365 to redirect Emails with that header element to the encryption gateway using a mail flow rule of some sort.

So with proofpoint, you can simply disable those mail flow rules and simply send all outbound Emails through proofpoint using proofpoint as your smarthost.

On the proofpoint side, to be able to intercept these "encrypt this Email" trigger, you need to create a custom outbound rule that basically says this:

if EMAIL Headers CONTAINS ANY OF x-vpm-select: select DO ENCRYPT

So if an Email transits through proofpoint coming from Exchange/O365 with that header element, it will trigger the encryption rule which in turn will send out an encrypted Email.  Example using the author's personal domain ( I have installed the ZixSelect client on my desktop ):

A few seconds, as the sender, I get a confirmation from proofpoint:

At the receiving end, I get a this (work email):

As the end user at the receiving end, I can click on the "View Encrypted Email" and login to a secure portal to retrieve my Email: