Encrypting Emails
Question asked by Francis Gibbons - November 29, 2017 at 10:51 AM
Hello All,
I am using SmarterMail 15.5 on a Windows 2012 server. I wanted to know: is there a way to encrypt mail being sent out of SmarterMail webmail/mobile/Outlook? If so, can someone provide a walkthrough or resource on how to do it? And what are the pros/cons of doing this, and how does it get decrypted on the receiving side?
If SmarterMail doesn't support encrypting emails, is there a third-party service that does and works with SmarterMail to encrypt emails?
Thank you,
Frank G.

4 Replies

Frank, I don't believe you can directly encrypt the contents of your emails OOB. Your best bet for ensuring encrypted traffic during transmission is to add an SSL certificate to your SMTP port definition, and make TLS mandatory on SMTP. This will ensure your server will use an encrypted session during send/receive operations so long as TLS/SSL is supported on the remote end point.
Kyle Kerst Cameron Solutions LLC www.cameron-solutions.com
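One way to check, on a message that has already been delivered, which hops of its path actually ran over TLS as described in the reply above, is to read its Received headers. This is an added example, not part of the original thread or of SmarterMail; the sample message, hostnames and function names are constructed for illustration.

```python
import re
from email import message_from_string

# RFC 3848 "with" keywords: the S suffix marks a hop that ran over TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
PLAIN_PROTOCOLS = {"SMTP", "ESMTP", "ESMTPA", "LMTP", "LMTPA"}
PAREN_RE = re.compile(r"\(([^()]*)\)")
WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9]+)", re.I)
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)
# Some servers report TLS only in a comment, e.g. "(version=TLS1_2 ...)".
TLS_HINT_RE = re.compile(r"TLS\s*v?1[._]\d", re.I)

def classify_hop(received):
    """Return (receiving_host, 'tls' | 'plaintext' | 'unknown') for one header."""
    bare = " ".join(received.split()).rsplit(";", 1)[0]  # unfold, drop the date
    comments = []
    while PAREN_RE.search(bare):  # peel nested (comments) from the inside out
        comments += PAREN_RE.findall(bare)
        bare = PAREN_RE.sub(" ", bare)
    by = BY_RE.search(bare)
    with_ = WITH_RE.search(bare)
    proto = with_.group(1).upper() if with_ else ""
    if proto in TLS_PROTOCOLS or TLS_HINT_RE.search(" ".join(comments)):
        status = "tls"
    elif proto in PLAIN_PROTOCOLS:
        status = "plaintext"
    else:
        status = "unknown"
    return (by.group(1) if by else "?", status)

def audit_path(raw_message):
    """Classify every hop, oldest first (Received headers are prepended)."""
    headers = message_from_string(raw_message).get_all("Received", [])
    return [classify_hop(h) for h in reversed(headers)]

# Constructed sample headers; hostnames and addresses are placeholders.
SAMPLE = """\
Received: from relay.example (relay.example [198.51.100.7])
 by mx.recipient.example with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
 id 15.1.0; Wed, 29 Nov 2017 16:02:09 +0000
Received: from mail.sender.example (mail.sender.example [192.0.2.10])
 by relay.example with ESMTP id 4ABC123; Wed, 29 Nov 2017 16:02:05 +0000
Received: from laptop (unknown [203.0.113.5])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 by mail.sender.example with ESMTPSA id 9XYZ; Wed, 29 Nov 2017 16:02:01 +0000
"""
for host, status in audit_path(SAMPLE):
    print(f"{status:9} received by {host}")
```

Received headers written by servers you do not control can be forged or incomplete, so only the hops recorded by your own server are authoritative.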
Adding a Security Certificate and enabling TLS in Smartermail Enterprise will encrypt messages IN TRANSIT but it will not encrypt them AT REST. If you are needing HIPAA Compliance for Required Providers (as opposed to Addressable Providers for which AT REST encryption is optional), for example, then you would need to use S/MIME or OpenPGP in supported MUA email clients (Outlook, Thunderbird, Apple Mail, IBM Notes). Although SmarterMail does handle the delivery of S/MIME & OpenPGP encrypted emails it can neither display nor create AT REST encrypted emails from within the webmail client itself. 
In practice S/MIME & OpenPGP are clumsy at best. We have had only a handful of clients try using it and have all met with frustration as it involves getting a personal Email Certificate to install in their MUA email client and then exchanging Public Keys with their contacts that they want to encrypt emails to by using signed email signatures. Once you have exchanged keys with a contact it is easy, however, as you can either choose to encrypt & sign all outgoing messages in your MUA email client, or in some cases enforce this as a Domain Policy. Especially since personal Email Certificates need to be renewed annually (just like any other kind of Security Certificate) this becomes troublesome for many end-users, especially if they get a new computer and didn't export their Private Key, resulting in the inability to read encrypted messages sent to them previously...as well as keeping the Public Keys for contacts updated on an annual basis.
Step-by-step instructions for setting up Outlook to use S/MIME encryption can be found at https://www.comodo.com/support/products/email_certs/outlook.php. Comodo is the only provider that I am aware of that offers free personal Mail Certificates so we tend to suggest them to our Smartermail users.
Alternately you can use a third-party secure Messaging Portal or a service that provides Incoming/Outgoing Gateway Encryption over SMTP TLS although in many cases this requires the recipient to login to those third-party services to access the encrypted email.
If anyone is looking for a less configuration required solution that is proven to work reliably there is zixmail. I have a handful of customers that use it. Zix offers both a standalone email client as well as an Outlook plugin that connect to zixmail servers for the encryption key exchange. All this comes at a cost as opposed to OpenPGP etc. but for those not wanting to learn the ins and outs of key generation and cipher requirements, it's a good option.
I have a related question. We are new to this, but handle some confidential information, and have to get up to speed.
We have SSL on the mail server. Everyone is encouraged to use the Smartermail interface as opposed to MAC mail to access mail on their desktop (because right now I can't find out if MAC mail is secure). Cell phones are a problem. If people are using their cell phone app, rather than the smartermail mobile interface - does the SSL still apply?
Also, what about if you are accessing your email on your phone via the Smartermail mobile interface, and it is coming up Http:// instead of Https://?
