Configuring SecureMail

Updated 6 months ago by admin

SecureMail is an add-on for the Email Security product that allows users to send an email message that can only be viewed and responded to from within a secure web-based dashboard. This is particularly useful for sending sensitive messages that should not be stored in the recipient's inbox, as a traditional email message would be. SecureMail is convenient: the sender only has to compose a new mail in their favourite email client (Outlook, Outlook Web Access, iOS Mail, etc.) and meet the trigger criteria for it to be automatically converted to a link that the recipient can use to view the message securely in the web dashboard.

Please contact your service provider to activate the SecureMail add-on if it is not already available.

Configuring the SecureMail Trigger Rule

When the SecureMail license is added to your account, a new Message Rule will be generated with the title SecureMail. It will appear in the Message Rule list between the Deliver Inbound and Deliver Outbound rules. The rule will have a special final action of "Secure Deliver".

Navigate to Products, Email Security and then Message Rules to view the rule.

The rule can be edited and moved; however, it should be placed before the Deliver Outbound default rule to avoid unexpected behaviour.

By default, a new Custom Rule Data regular expression entry is created containing the trigger word [secure], which is then attached to the Subject rule condition. This means that for the message to be processed by SecureMail, the sender should include the [secure] trigger word somewhere in the message subject. The rule can be edited, for example if you prefer the keyword to trigger on the message body, or to use an entirely different trigger such as a special header or a list of sender email addresses.

The trigger word can be edited by navigating to the Products, Email Security and then Custom Rule Data section and clicking the SecureMail Trigger entry.
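A way to test an edited trigger pattern before saving it to Custom Rule Data, given here as an added example that is not part of the product documentation. It assumes Python's `re` syntax as a stand-in for the product's regular expression engine (which this page does not specify); the function names and sample subjects are constructed. Because the entry is a regular expression, the brackets in [secure] act as a character class if written unescaped, and a case-sensitive match lets variants such as [SECURE] leave as ordinary email.

```python
import re

# Constructed sample subjects: (subject, should it be handled by SecureMail?)
SAMPLES = [
    ("[secure] Q3 payroll export", True),
    ("Re: [SECURE] contract draft", True),
    ("Fwd: invoice [Secure]", True),
    ("Lunch on Friday?", False),
    ("Securely stored backups", False),
    ("secure channel update", False),
]

def build_trigger(word: str, ignore_case: bool = True) -> re.Pattern:
    """Compile a literal trigger word; re.escape stops [..] acting as a character class."""
    return re.compile(re.escape(word), re.IGNORECASE if ignore_case else 0)

def audit(pattern: re.Pattern, samples=SAMPLES):
    """Return (missed, over_triggered) subjects for a candidate pattern.

    missed: sensitive mail that would be delivered as a normal email.
    over_triggered: ordinary mail that would be converted to a portal link.
    """
    missed, over = [], []
    for subject, expected in samples:
        hit = pattern.search(subject) is not None
        if expected and not hit:
            missed.append(subject)
        elif hit and not expected:
            over.append(subject)
    return missed, over

# Hypothetical candidate patterns an administrator might enter.
CANDIDATES = {
    "unescaped": re.compile("[secure]"),  # matches any single s, e, c, u or r
    "escaped, case-sensitive": build_trigger("[secure]", ignore_case=False),
    "escaped, case-insensitive": build_trigger("[secure]"),
}

if __name__ == "__main__":
    for name, pat in CANDIDATES.items():
        missed, over = audit(pat)
        print(f"{name:28} missed={missed} over_triggered={over}")
```

Confirm the behaviour in the product itself by sending test messages to an external test recipient after any change to the trigger.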

Configuring SecureMail Settings

Navigate to Products, Email Security, Product Configuration and click the SecureMail Settings option.

Please note it may take several minutes for the setting to take effect once changed.

The settings control the behaviour of the SecureMail experience for recipients.

Please note that a SecureMail external user may interact with multiple separate organisations that are participating in the SecureMail service. This is rare but allowed (see SecureMail Concepts Explained). However, they will be bound by the account settings of the first organisation that emailed them (this is their "home" account). This applies to a subset of settings such as 2FA enforcement.

General

  • Read Receipts - check this option if the sender should receive a read receipt when the recipient has opened the message.

SecureMail has the concept of internal and external recipients; however, for most use cases external recipients will be the most common, and permissions for both types will be the same. You can review the article explaining the difference between internal and external users.

  • Internal user permissions - check the permissions that an internal user should have when replying to a SecureMail message, such as the ability to add a CC or Forward address. In most cases, these will be the same as the External user permissions. These permissions apply to all SecureMail Messages that are sent.
  • External user permissions - check the permissions that an external user should have when replying to a SecureMail message, such as the ability to add a CC or Forward address. In most cases, these will be the same as the Internal user permissions. These permissions apply to all SecureMail Messages that are sent.
  • External users are required to use 2FA - if enabled, external users will be required to set up two-factor authentication using a cellphone (SMS text delivery) before they can log in to their SecureMail account. If the external user existed before this option was enabled, they will be required to add two-factor authentication on their next sign-in. Enforcement is based on the original home account of the external user (see note about the "home" account above).
  • Send a copy of replies via SMTP - if enabled, replies from SecureMail users will be delivered via SMTP instead of requiring access to the portal. Use caution - this feature is for certain use cases where the message content can be delivered as a standard email.
  • External interface base domain - (read only) the base domain of the SecureMail dashboard used by external users to view and respond to secure messages. Please contact your service provider for further information.
  • Secure messages expires in - the number of days before secure messages will be automatically deleted. This includes replies, forwards and deletions for all members of the thread that participate in SecureMail. Minimum period is 3 days, maximum is 365 days.
  • Admin email for notifications - an email address for system notifications such as password reset requests and auto-expiry notifications.

Templates

It is possible to fully customise the SecureMail templates using the inbuilt HTML editor. The following templates are available:

  • New SecureMail template - sent to the recipient when they receive a new SecureMail message.
  • SMTP Reply template - used if the "Send copy of replies via SMTP" option is enabled but the system was unable to deliver the email to the recipient mail server.
  • Read Receipt template - sent to the sender when the recipient opens the SecureMail message for the first time (if the Read Receipts setting is enabled).
  • Confirm Registration template - sent to the recipient after they have registered for access to SecureMail.
  • Registration Activation template - sent to the recipient when their SecureMail account is ready to use.
  • Auto Expire Notification template - sent to the sender when their SecureMail message is about to expire based on the "Auto-Expiry" option. If more than one message is due to expire, this template will include a digest of all messages.
  • User reset password started notification - sent to the recipient when they begin a password reset flow via the "Forgotten Password" link.
  • Admin reset password started notification - sent to the administrator, if specified, when an external user requests a password reset. This can be used for auditing.
  • User reset password finished notification - sent to the recipient when their password reset is successful.
  • Admin reset password finished notification - sent to the administrator, if specified, when an external user successfully resets their password. This can be used for auditing.

When creating templates, a number of built-in placeholders are available:

| Placeholder  | Description |
|--------------|-------------|
| $SUBJECT$    | The subject of the secure message being sent |
| $RECIPIENT$  | The recipient of the secure message |
| $LINK$       | The link for the recipient to press. This will be in the context of the template in use. |
| $EMAIL_DATE$ | This is the UTC timestamp of when the secure email message was sent. |
| $TIMESTAMP$  | The UTC timestamp of when a message was opened. This is used typically in the Read Receipt template. |
| $IPADDRESS$  | The public facing IPv4 address of the user |
| $COUNTRY$    | The country name determined from the IPv4 address |
| $CITY$       | The city name determined from the IPv4 address |
| $DAYS$       | For Auto-Expiry, the number of days before expiry |

Composing a new SecureMail message

The sender should simply compose a new message in their normal email client (e.g. Outlook, Outlook Web Access) and ensure the trigger conditions are met. By default, the trigger condition is that the subject should contain the pattern [secure].

Secure messages cannot be sent to recipients within your own email domain(s). For a message to trigger the SecureMail service it must be sent outbound through the Email Security MTA to the recipient.

