Exchange Server 2007 & Domain Security

  • Article

Exchange 2007 includes a new feature set that is named "Domain Security." Domain Security refers to the set of functionality in Exchange 2007 and Outlook 2007 that provides a relatively low-cost alternative to S/MIME or other message-level security solutions.

The purpose of the Domain Security feature set is to provide administrators a way to manage secured message paths over the Internet with business partners. After these secured message paths are configured, messages that have successfully traveled over the secured path from an authenticated sender are displayed to users as "Domain Secured" in the Outlook and Outlook Web Access interface.

Domain Security uses Transport Layer Security (TLS) with mutual authentication to provide session-based authentication and encryption. TLS with mutual authentication differs from TLS as it is usually implemented. Typically, when TLS is implemented, the client verifies that the connection securely connects to the intended server by validating the server’s certificate. This is received as part of TLS negotiation. In this scenario, the client authenticates the server before the client transmits data. However, the server doesn't authenticate the session with the client.

With mutual TLS authentication, each server verifies the connection with the other server by validating a certificate that is provided by that other server. In this scenario, where messages are received from external domains over verified connections in an Exchange 2007 environment, Outlook 2007 will display a "Domain Secured" icon.

For more information about how to plan for and deploy Domain Security in your organization, see White Paper: Domain Security in Exchange 2007

Reference(s):
https://technet.microsoft.com/en-us/library/bb691338(EXCHG.80).aspx
https://technet.microsoft.com/en-us/library/bb124392(EXCHG.80).aspx