Feature Request - Encryption for Messages
Idea shared by ActorMike - 8/25/2015 at 1:19 PM
Under Consideration
We have a lot of customers starting to ask about email encryption. It may be a good idea to figure out a way to partner up with someone to offer this service built into SmarterMail.

14 Replies

I second the motion!
Agree - this would be an excellent feature adding value to our customers and helping us provide a better service!
B.r Joakim Ribb South Brains AB www.southbrains.se
Not only that, Office 365 now has this option built in. I have been losing clients because I cannot offer this service and they require it! PLEASE....
Yes, please.  I have several medical facilities that need this!
I need this as well!
Count me as another vote for S/MIME or PGP/MIME Support in the Webmail client.
Although email may be currently encrypted while in Transit via TLS/STARTTLS it is not encrypted while at Rest which is what is needed for HIPAA Compliance.
Right now, all of our customers who either require or desire full email encryption we are setting up with Outlook, eM Client, Thunderbird, or Apple Mail as they all support it when sending & receiving through SmarterMail, but we make it clear that they can neither send nor read encrypted mail in the Webmail if they opt to use encryption with these email clients. That's good enough for the majority of our customers, but a major disappointment/deterrent to others as Office365 offers this natively in their Webmail.
@Scarab - Would you mind giving a little more detail about what you add to Outlook and other clients for email encryption?

I regularly read your posts and trust your judgement.

Any direction you can point me/us would be appreciated.
All you need for sending & receiving S/MIME or PGP/MIME over SmarterMail SMTP/POP/IMAP/EWS/EAS using email clients that support it is a Mail Certificate/Digital ID issued by a Certificate Authority. Many CAs charge an annual fee for them, Comodo offers them for free, and with OpenPGP you can also create your own (although in the latter case they won't be considered "Trusted" by any email clients that verify the Certificate Chain or check for revocation, which pretty much reduces OpenPGP PGP/MIME to being used for intra-organizational use only).

To be able to send and receive encrypted email messages with a supported email client, you need two basic things:

1. Digital ID (Mail Certificate): After obtaining a Digital ID you would install it in your email client (in Outlook this is done in the TRUST CENTER SETTINGS). You would then share your Public Key (which is part of the Email Certificate) with the correspondents you wish to receive encrypted messages from by setting your email client to digitally sign all your outgoing messages.

2. The Public Key of the correspondents you wish to send encrypted messages to, obtained from manually exchanging Public Keys, from a Public Key Exchange Server, or from their digitally signed messages. No matter how it was obtained you would then add it to your Address Book/Contacts in your email client.

So, in addition to an email client that supports S/MIME and obtaining a Digital ID and adding it to your email client, it also takes both parties, sender & receiver, using digital signing to exchange keys prior to using encryption in order for it all to work...which oftentimes is easier said than done.

The two problems we have experienced with using S/MIME in Outlook/Thunderbird/Apple Mail:

1. With encrypted email only the Headers are readable without possessing the Digital ID. This can cause some MTAs and Antispam Content Filters to go nuts and regard the message as "blank" and having no legitimate content at all, resulting in them rejecting the email or flagging it as Spam (even ARM Message Sniffer in SmarterMail has problems flagging S/MIME encrypted email as "Spam" and holding it in Quarantine). I haven't seen any problems with digitally signed S/MIME messages that aren't encrypted however.

2. When the Digital ID expires, is replaced with a different Digital ID, or is lost (think of a customer who didn't back up their Keys and their computer dies, is lost or stolen, or they recycled it when they bought a new computer) then any encrypted messages previously sent or received are entirely unreadable...FOREVER. Once you receive a Digital ID you will want to RENEW it annually as renewing it will retain the same Keypair allowing you to continue to read previously received encrypted emails and without the hassle of your contacts having to update their Address Book/Contacts with your new Digital ID.

As you can see, it is rather complex using Mail Encryption and most customers who got so far as installing their Digital ID in their Mail Client rarely used it for anything other than digitally-signing their messages. I had one customer (a dentist office) who was FINALLY able to get one of their medical providers to send her encrypted email (after a half a year of trying) but all their other providers weren't able to figure out what to do with her digitally-signed email to send an encrypted email back and simply weren't savvy enough to digitally-sign their own emails so that they could be sent encrypted email.
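
Added example (not part of the original post and not SmarterMail or Message Sniffer code): a Python sketch of how a content filter can tell an S/MIME or PGP/MIME encrypted message from a signed one using only the top-level Content-Type, which is why an encrypted body looks "blank" to a scanner while a signed one does not. The labels, function names and sample messages are constructed for illustration.

```python
from email import message_from_string

ENCRYPTED_KINDS = {"smime-encrypted", "pgp-encrypted"}

def classify(raw):
    """Label a raw message by its S/MIME or PGP/MIME wrapper (top-level Content-Type)."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    smime_type = str(msg.get_param("smime-type") or "").lower()
    protocol = str(msg.get_param("protocol") or "").lower()
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        if smime_type in ("enveloped-data", "authenveloped-data"):
            return "smime-encrypted"
        return "smime-signed" if smime_type == "signed-data" else "smime-other"
    if ctype == "multipart/signed":
        if protocol in ("application/pkcs7-signature", "application/x-pkcs7-signature"):
            return "smime-signed"
        if protocol == "application/pgp-signature":
            return "pgp-signed"
    if ctype == "multipart/encrypted" and protocol == "application/pgp-encrypted":
        return "pgp-encrypted"
    return "plain"

def readable_text(raw):
    """Text a content filter can read without the recipient's private key."""
    parts = message_from_string(raw).walk()
    return "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in parts if p.get_content_maintype() == "text")

def filter_hint(raw):
    """Return (kind, scan_body): an encrypted body is ciphertext, not 'blank' mail."""
    kind = classify(raw)
    return kind, kind not in ENCRYPTED_KINDS

# Constructed sample messages (not from the thread); base64 bodies are placeholders.
ENCRYPTED = "\n".join([
    "From: alice@example.com", "To: bob@example.com", "Subject: Lab results",
    "MIME-Version: 1.0",
    'Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"',
    "Content-Transfer-Encoding: base64", "", "UExBQ0VIT0xERVI=", ""])
SIGNED = "\n".join([
    "From: alice@example.com", "To: bob@example.com", "Subject: Appointment",
    "MIME-Version: 1.0",
    'Content-Type: multipart/signed; protocol="application/pkcs7-signature";'
    ' micalg=sha-256; boundary="b1"', "",
    "--b1", "Content-Type: text/plain", "", "Appointment confirmed for Tuesday.",
    "--b1", 'Content-Type: application/pkcs7-signature; name="smime.p7s"',
    "Content-Transfer-Encoding: base64", "", "UExBQ0VIT0xERVI=", "--b1--", ""])

if __name__ == "__main__":
    for name, raw in (("encrypted", ENCRYPTED), ("signed", SIGNED)):
        print(name, filter_hint(raw), repr(readable_text(raw)))
```

A filter that gets `scan_body` as false can fall back to header and sender-authentication checks instead of scoring the message as empty.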

Thanks so much for sharing your detailed reply. I had hoped that things had gotten easier over the years, but it's clear that this is still a complex issue that is hard to leave in unskilled users' hands.
Tim Uzzanti Replied
Employee Post
E2E Mail is a beast, varies on implementation, industry is kind of in a state of flux, and is much harder than it looks.  Even Google's implementation that was announced in 2014 has been stalled due to the reasons above!
With that said, 17.x is not the right version for us to implement but we're constantly evaluating.
Keep an eye out for the SmarterMail 17.x roadmap.  We should be releasing it in a couple weeks.
Tim Uzzanti CEO SmarterTools Inc. (877) 357-6278 www.smartertools.com

I try to send mail from my SmarterMail to a Gmail box,
it shows it does not have encryption,
is it normal and awaiting your new feature to protect it?
Or do I miss some setting?

Regarding mail encryption it would be great if you could have a look on our suggestion: https://portal.smartertools.com/community/a94423/automatic-pgp-and-or-smime-handling-pgp-backend-implementation.aspx
