Every Address, Every Email

Email Security By Outlook

Have Microsoft Outlook:

  • make sure your email cannot be seen on the Internet
  • and meet many of your compliance needs
  • without adding anything to what you are already doing
  • put much of the power of the CheckTLS.com website into your PC
The CheckTLS Outlook Add-in checks for TLS encryption for every recipient on every email.

Features
  • Fast - it only stops you if an email is unsafe
  • Easy - it works automatically: you and your customers do nothing
  • Easy - no hardware, no extra steps
  • Safe - checks every message, every recipient
  • Safe - you can always override it and send anyway
  • Control - you choose what to do with unsafe email
  • Secure - your email is never read or copied
  • Secure - uses only recipient domains (stuff after the @)
  • Secure - domains are not logged or saved anywhere
  • Secure - domains and results are encrypted in transit
  • Low Cost - under $1 per seat in quantity
  • Effective - the failures it finds will surprise you
  • Effective - send to no one if any one fails
  • Compliance - one product covers many bases
The Sender is Responsible for Encryption

When you send an email, you are responsible for making sure that email is secure as it goes over the Internet.

Email uses TLS encryption to make sure no one can read email on the Internet. Yet email is designed to "get the mail through" no matter what, so your email will switch to plain text if encryption fails for any reason. (You can check that your email will "get the mail through" at //email/testMandatoryFrom:.)

So no matter how good your email system is, the other side can cause your emails to be out on the Internet in plain text.

You can use our //email/testTo: to check the other side, but just because it is secure today does not mean your email tomorrow will be safe.

Email Security Compliance

The Add-in can satisfy HIPAA, PCI, GDPR, etc. requirements. It is immediate, at-the-source, email security compliance.

Puts A Person In Control

If there is a security problem, the Add-in stops the email from going to anyone and it lets you decide what to do. You can make the email safe by removing the problem email recipients or removing the confidential information. Or you can choose to not send the message at all, or you can decide to take the risk and send the message anyway.

You make the decision what to do with email security problems immediately, while the email is fresh in your mind, not later when a bounce comes back.

No More Scattered Emails

If you have ever replied-all to a group message, only to have a bounce or two come back, you know what this means. When you get a reply-all bounce, you realize that the original message also bounced, so some people never got the original message. The same is true for in-line encryption devices and services. They return a copy of the original email for each addressee that is not secure, and they do nothing to inform the rest of the group that someone(s) did not receive the email.

With this Add-in there are no bounces. You remove the insecure address or remove the confidential information and eliminate the problem before it happens.

My Company Needs Strict Compliance

We can customize the Add-in to meet the strictest email policies.

It can remove the option to Send Anyway, so users cannot send to insecure email address.

It can log all insecure sends, including the email content, allowing you to review all exceptions.

It can route email addressed to insecure domains through another email service, for example requiring the recipient to login to a portal to retrieve their secure message.

Is It Really HIPAA/GDPR Compliance?

Compliance requires that protected information is not readable by anyone but the intended recipient.

For email, an acceptable way to do that is to use TLS encryption during transport. For modern email systems, that means making sure that both sides (send and receive) have TLS properly setup and enabled.

Since you have control over your email, and you (should!) know when it changes, you only need to verify that you send email using TLS once, and then every time you make a change. Our //email/testFrom: is a fast and easy way to verify that you use TLS to send email.

Since you have no control over everyone else's email, use the CheckTLS Outlook Add-in to check the receive side each time you email something.

When you know that both sides use TLS, you know that your email will be encrypted, and you are compliant with your email transport security requirements.

And since this site focuses on testing, we also suggest you test both how you send (//email/testFrom:) and how you receive (//email/testTo:) email regularly, because no matter how sophisticated your email security device(s) are, if they fail they can silently fall back to plain text email and you may never notice.

A final note on security: For organizations with strict security requirements beyond just "TLS, yes or no", such as the acceptable version(s) of TLS and ciphers, the tests on this site, and the Add-in, can enforce those as well.

How Does It Compare to Other Solutions?
Possible Solutions

There are several solutions for assuring you send email securely:

In-line Security Devices
These are network devices that are attached between your email server and your Internet connection. All of your email goes through the device, which makes sure it is encrypted when it goes onto the Internet.
Cloud Security Services
These are Internet services that go between your email server and the Internet. All of your email is "tunneled" to the service, which makes sure it is encrypted when it goes onto the Internet.
End-to-end Encryption
This is extra software you put on every device that can send email, for example user's computers, phones, etc. Your customers also have to put the extra software on their devices to read your email. It encrypts the email right on your device and only un-encrypts it on the reader's device.
Email Outsource
This is a service like G Suite that moves all your email to the cloud.
Mandatory TLS
This is a feature of every modern email server. All you have to do is turn it on. Similar to a security device, this forces every email connection you make to be encrypted. It also means you cannot send email to anyone who does not use encryption.
CheckTLS Add-in
This checks right before you send an email if it can be sent securely, and gives you options for what to do if not. See the rest of this page for more information.
Test and Audit
This uses services available from CheckTLS to make sure email security is working. See Compliance for more information.
How They Compare (higher is better)

Higher numbers are better, Features are listed in order of importance.

Feature Mandatory Audit Add‑in Device Service Outsource End2End
TOTALS 68 57 55 45 39 36 29
Effectiveness 7 1 2 6 3 5 4
Functionality 2 6 7 3 4 5 1
Affordable 7 6 5 1 3 2 4
Ease of Operation 7 2 3 6 4 5 1
Foreign Data Issues 7 7 7 7 1 1 7
Can See Your Email 7 7 7 1 1 1 1
Customer Affecting 7 7 7 7 7 7 1
Adds Point of Failure 6 7 5 1 3 2 4
Ease of Setup 7 6 4 3 5 2 1
Ease of Maintenance 4 2 3 7 6 5 1
Security Risk 7 6 5 3 2 1 4
Comparison Table Explanation

Most of the rows of the table are a stack ranking of each option with respect to that issue. The last few are yes/no, so are scored as 7 or 1.

Effectiveness
How effective the option is at guaranteeing email will be sent securely. All options can meet your security requirements, but some are better than others.
Functionality
How well the option handles success and failure. For example, asking what to do with the entire email is better than returning just one recipient to the sender.
Affordable
The cost of each option.
Ease of Operation
Does it make it harder for your users to send an email.
Foreign Data Issues
Does or could any of your data be stored or transported out of your country.
Can See Your Email
Does it get a complete copy of your email.
Customer Affecting
Do your customers (the people you send email to) also have to do something to use the option.
Adds Point of Failure
Is there something extra that could fail and take down your email.
Ease of Setup
How hard is it to install and configure the option, and if required, to move all your email to it.
Ease of Maintenance
How hard is it to keep the option in compliance, for example do you have to add new domains to it every time you email someone new.
Security Risk
Does it increase the chances of a breach, say by adding another device or supplier that could be hacked.

We welcome feedback on this analysis!

More Information

Information about how the Add-in works inside Outlook can be found here.

The Add-in protects your information and is very safe to install. It does not send email addresses, and it runs inside a Microsoft's ClickOnce "sandbox" on your PC. More information is available here.

Pricing information and a cost calculator can be found here.

The License Agreement can be found here.

Uninstall/Remove instructions can be found here.

Troubleshooting instructions can be found here.