Every Address, Every Email, Every Time
Email Security By Outlook
Have Microsoft Outlook:
- Assure your company email cannot be seen on the Internet,
- improve your GDPR, HIPAA, PCI, CCPA compliance,
- remind your users about email security,
- and make them active security testers,
- all without doing any more than you are already doing,
- by embedding CheckTLS.com directly inside of Outlook.
The CheckTLS Outlook Add-in:
- Checks every recipient on every email on every send,
- automatically just by clicking the same Send button as always,
- seamlessly since Outlook still sends the message,
- and almost invisibly unless something is wrong.
When you click Send in Outlook, a small window pops up on top of Outlook that shows the Add-in is working:
As long as all of the addresses are secure, the popup disappears and the email is sent.
But, if one or more addresses are not secure, the popup stays visible, stopping the email from sending. It erases the good addresses shows just the insecure addresses:
As you can see, the popup lets you choose what to do with this email, now that you know that one or more recipients is not secure.
How to Try and Buy
- Fast - only stops the user if an email is unsafe
- Easy - works automatically: the sender and receiver do nothing
- Easy - no additional hardware, no extra steps
- Safe - checks every recipient on every email every time
- Safe - the user can override and send anyway
- Secure - does not read or copy email contents
- Secure - uses only recipient domains (stuff after the @)
- Secure - domains and results are encrypted in transit
- Secure - every user becomes a security tester
- Control - the user chooses what to do with unsafe email
- Low Cost - under $1 per seat in quantity
- Effective - the failures it finds are surprising
- Effective - send to no one if any one fails
- Effective - reminds every user to be security conscious
- Convienent - know right away, don't wait for a bounce
- Compliance - one product covers many bases
- Customizable - you decide minimum TLS version, ciphers, etc.
- Any Language - you can translate all buttons and prompts
The Sender is Responsible for Encryption
When you send an email, you are responsible for making sure that email is secure as it goes over the Internet.
Email uses TLS encryption to make sure no one can read email on the Internet. Yet email is designed to "get the mail through" no matter what, so your email will switch to plain text if encryption fails for any reason. (You can check that your email will "get the mail through" at .)
So no matter how good your email system is, the other side can cause your emails to be out on the Internet in plain text.
Email Security Compliance
The Add-in can satisfy HIPAA, PCI, GDPR, etc. requirements. It is immediate, at-the-source, email security compliance.
Email Security Compliance Reporting
Add-in licensees can query their compliance tests by target, by date range, by user, and by combinations thereof.
If you configure the Add-in to use USERNAME and COMPUTERNAME instead of the GUID (remember the GUID is a one-way hash), you can query by user on every email you send!
Puts A Person In Control
If there is a security problem, the Add-in stops the email from going to anyone and it lets you decide what to do. You can make the email safe by removing the problem email recipients or removing the confidential information. Or you can choose to not send the message at all, or you can decide to take the risk and send the message anyway.
You make the decision what to do with email security problems immediately, while the email is fresh in your mind, not later when a bounce comes back.
No More Scattered Emails
If you have ever replied-all to a group message, only to have a bounce or two come back, you know what this means. When you get a reply-all bounce, you realize that the original message also bounced, so some people never got the original message. The same is true for in-line encryption devices and services. They return a copy of the original email for each addressee that is not secure, and they do nothing to inform the rest of the group that someone(s) did not receive the email.
With this Add-in there are no bounces. You remove the insecure address or remove the confidential information and eliminate the problem before it happens.
My Company Needs Strict Compliance
We can customize the Add-in to meet the strictest email policies.
It can remove the option to Send Anyway, so users cannot send to insecure email address.
It can log all insecure sends, including the email content, allowing you to review all exceptions.
It can route email addressed to insecure domains through another email service, for example requiring the recipient to login to a portal to retrieve their secure message.
Is It Really HIPAA/GDPR Compliance?
Compliance requires that protected information is not readable by anyone but the intended recipient.
For email, an acceptable way to do that is to use TLS encryption during transport. For modern email systems, that means making sure that both sides (send and receive) have TLS properly setup and enabled.
Since you have control over your email, and you (should!) know when it changes, you only need to verify that you send email using TLS once, and then every time you make a change. Our is a fast and easy way to verify that you use TLS to send email.
Since you have no control over everyone else's email, use the CheckTLS Outlook Add-in to check the receive side each time you email something.
When you know that both sides use TLS, you know that your email will be encrypted, and you are compliant with your email transport security requirements.
And since this site focuses on testing, we also suggest you test both how you send () and how you receive () email regularly, because no matter how sophisticated your email security device(s) are, if they fail they can silently fall back to plain text email and you may never notice.
A final note on security: For organizations with strict security requirements beyond just "TLS, yes or no", such as the acceptable version(s) of TLS and ciphers, the tests on this site, and the Add-in, can enforce those as well.
How Does It Compare to Other Solutions?
There are several solutions for assuring you send email securely:
- In-line Security Devices
- These are network devices that are attached between your email server and your Internet connection. All of your email goes through the device, which makes sure it is encrypted when it goes onto the Internet.
- Cloud Security Services
- These are Internet services that go between your email server and the Internet. All of your email is "tunneled" to the service, which makes sure it is encrypted when it goes onto the Internet.
- End-to-end Encryption
- This is extra software you put on every device that can send email, for example user's computers, phones, etc. Your customers also have to put the extra software on their devices to read your email. It encrypts the email right on your device and only un-encrypts it on the reader's device.
- Email Outsource
- This is a service like G Suite that moves all your email to the cloud.
- Mandatory TLS
- This is a feature of every modern email server. All you have to do is turn it on. Similar to a security device, this forces every email connection you make to be encrypted. It also means you cannot send email to anyone who does not use encryption.
- CheckTLS Add-in
- This checks right before you send an email if it can be sent securely, and gives you options for what to do if not. See the rest of this page for more information.
- Test and Audit
- This uses services available from CheckTLS to make sure email security is working. See Compliance for more information.
How They Compare (higher is better)
Higher numbers are better, Features are listed in order of importance.
|Ease of Operation||7||2||3||6||4||5||1|
|Foreign Data Issues||7||7||7||7||1||1||7|
|Can See Your Email||7||7||7||1||1||1||1|
|Adds Point of Failure||6||7||5||1||3||2||4|
|Ease of Setup||7||6||4||3||5||2||1|
|Ease of Maintenance||4||2||3||7||6||5||1|
Comparison Table Explanation
Most of the rows of the table are a stack ranking of each option with respect to that issue. The last few are yes/no, so are scored as 7 or 1.
- How effective the option is at guaranteeing email will be sent securely. All options can meet your security requirements, but some are better than others.
- How well the option handles success and failure. For example, asking what to do with the entire email is better than returning just one recipient to the sender.
- The cost of each option.
- Ease of Operation
- Does it make it harder for your users to send an email.
- Foreign Data Issues
- Does or could any of your data be stored or transported out of your country.
- Can See Your Email
- Does it get a complete copy of your email.
- Customer Affecting
- Do your customers (the people you send email to) also have to do something to use the option.
- Adds Point of Failure
- Is there something extra that could fail and take down your email.
- Ease of Setup
- How hard is it to install and configure the option, and if required, to move all your email to it.
- Ease of Maintenance
- How hard is it to keep the option in compliance, for example do you have to add new domains to it every time you email someone new.
- Security Risk
- Does it increase the chances of a breach, say by adding another device or supplier that could be hacked.
We welcome feedback on this analysis!
The Add-in protects your information and is very safe to install. It does not send email addresses, and it runs inside a Microsoft's ClickOnce "sandbox" on your PC.