There are three customization and tuning options for EmailSentry™:
We provide simple installation instructions with every EmailSentry™ license that your users can use to get started.
Like the MoreInfo page below, most companies will want to host their own installation instructions, using our simple instructions as a starting point.
The "MoreInfo" page is the link on EmailSentry™ popup window called "More Info".
The MoreInfo Page is your page. It should look like your other web pages, with your corporate look-and-feel. It should have content specific to your company and your use of EmailSentry™.
We provide a skeletal MoreInfo Page at the MoreInfo link we provided when we setup your subscription.
MoreInfo is where companies instruct their users how to use EmailSentry™, and more importantly, what to do if EmailSentry™ stops an insecure address. This ranges from telling your users
"If you are certain that there is no 'protected information' in the email you may use the 'Send Anyway' menu choice to send the message"
"When you click the 'Send Anyway' button the email will be held in our secure email portal and your recipient will have to login to our website to view their message. Please phone them and let them know if this is the first time you have emailed them."
"When EmailSentry stops and lists one or more domains that are insecure, you may not send any email to this address and you must find another way to send the information."
Your MoreInfo page should:
It can include content from any of these links, or the links themselves:
For smaller IT departments without the ability to make their own webpages, CheckTLS can make text changes to the skeletal MoreInfo page that we provide, and even do some simple customizations with a logo or something.
No matter where your MoreInfo Page is hosted, it will likely include your EmailSentry™ password, so it should be protected on a private area of your website or on your private intranet. If someone steals your password and starts using some of your licenses, we can reset it, but this will then require all your users to reconfigure EmailSentry™ (click the configure link on your MoreInfo Page and then click Send in Outlook). So, while having your password stolen will not cost you any money, it will cost you time and effort to reconfigure everyone’s PC. Take some care to protect your password and the webpages that include it in plain text.
When we host your MoreInfo Page, it is a private link that no one knows but you, so it is protected as long as you and your employees do not share it.
We can protect your license by limiting access to a range of IP addresses. If all your users are inside your corporate network, this is an almost foolproof protection for your license. But if any of your users do email from outside your environment, for example from a laptop they take home and to cafes, then this will not help. See AUTH below for more information.
The Config File controls two things: the EmailSentry™ Add-in itself, and the("TestReceiver") webservice that EmailSentry™ uses.
The Config File controls several EmailSentry™ settings:
The Config File allows you to enter translations for all the EmailSentry™ prompts and controls:
The Config File also controls the("TestReceiver") test that is the foundation of EmailSentry™. All of the options, and thus all the capabilities, of the test can be specified in a Config File.
As some of the settings for EmailSentry™ (above) have the same names as settings for, the Config File marks settings for by prefixing them with "a_". Case is important, it must be a lowercase "a".
The Config File has two parts: a Fixed Config File and an optional Live Config File. They are read every time Outlook starts. Both have the same XML format.
The Fixed Config File is stored on the user's PC and is loaded into Outlook every time Outlook starts. Because it is on the local PC, it is always available (even when the Internet is down) and loads almost instantly.
When a user configures EmailSentry™ (by clicking on the configure link and then clicking Send in Outlook), EmailSentry™ fetches a new Fixed Config File from our servers.
Most EmailSentry™ customers do not change their user’s Fixed Config Files very often, since it requires that each user does something (click a link and then click Send). If we are hosting your Fixed Config File, you can send us changes and we will install them within two business days (usually within a few hours).
For more control, you can store the Fixed Config File as a URL on your own servers. Send us the URL and we will have our servers redirect all configure requests from your users to that link. Be sure the URL is accessible from inside and outside your firewalls if users might have to configure EmailSentry™ from outside.
The Live Config File is stored on the Internet, your intranet, or some other network connection. Typically a URL, it is fetched every time Outlook starts. Settings in the Live Config File override settings in the Fixed Config File.
The Live Config File lets you tune EmailSentry™ without making your users click the (re)configure link: users just have to close and re-open Outlook to get Live Config File changes.
Because the Fixed Config File is local to the user's PC, it is always available and always works. We designed EmailSentry™ so that important and infrequently changed settings go in the Fixed Config File. That way EmailSentry™ works even if the Live Config File cannot be fetched.
The Live Config File is more flexible, albeit with some risk. Obviously, if the Live Config File cannot be fetched, its settings are ignored. Also there is the chance that if fetching the Live Config File takes too long, Microsoft will deem EmailSentry™ unresponsive and disable it. With EmailSentry™ Version 1.22 and above, this chance is greatly reduced. We provide instructions for how to re-enable a disabled Add-in at https://www.checktls.com/CsCheckTLS_OA/troubleshooting.html.
For any Config Files you host, your server must return a valid XML file with content-type=text/xml. We can send you a copy of your file from our server as your starting point.
This is the only required parameter in a Config File. Your AUTH code is unique to your license and it is how we control access to EmailSentry™.
AUTH is a public/private key encrypted combination of your CustomerCode, CustomerPass, and one or more IP address masks. See Shared Customer Information for info about CustomerCode and CustomerPass.
Your CustomerCode and CustomerPass are your Corporate Subscription permissions to the CheckTLS website. All EmailSentry™ licenses include a full Corporate Subscription to CheckTLS.
The IP address masks are used to limit use of EmailSentry™ and your Corporate Subscription to those specific IP addresses. For very security conscious organizations that only allow access to corporate assets from within their own controlled environment (i.e. network), this can be used to protect your EmailSentry™ license, and your access to any information, such as stored tests, as part of your Corporate Subscription.
It does preclude, obviously, any use of EmailSentry™ and the CheckTLS website, from anywhere but your network.
Every time EmailSentry™ checks a domain from an Outlook email it sends the email address, your Config File choices, and your AUTH code to our servers. We decode the AUTH with our private key and check that your CustomerCode and CustomerPass are still valid, and that the user's PC has a public IP address in one of the decoded IP address masks. If so, the test is run and results returned to EmailSentry™. If not, we return an error to EmailSentry™, which the popup then displays.
Here is a sample Config File:
<?xml version="1.0" encoding="utf-8" ?>
<RECONFIGUREURL>https://www.checktls.com/GetCsOAConfig?</RECONFIGUREURL> <!-- loaded on config email to code@CsOA.CheckTLS.com (replaces this file entirely so need AUTH node in it) -->
<CONFIGURL>https://www.checktls.com/CsOA/YourCode/CsCheckTLS_OA.xml</CONFIGURL> <!-- loaded every Add-In startup, is additive to RECONFIGUREURL settings -->
<TIMEOUT>30</TIMEOUT> <!-- CsOA HttpWebRequest -->
<a_TIMEOUT>11</a_TIMEOUT> <!-- TestReceiver TO -->
<!-- deprecated <MAXTHREADS>100</MAXTHREADS> -->
<MOREINFOURL>https://www.checktls.com/CsOA/YourCode/MoreInfo.html</MOREINFOURL> <!-- link displayed on popup -->
<POPUPURL>https://www.checktls.com/CsOA/YourCode/PopUp.txt</POPUPURL> <!-- messagebox that displays after any config file load -->
<T_Change>&Change This Email</T_Change>
<T_Delete>&Delete This Email</T_Delete>
<T_Send>&Send This Email Anyway</T_Send>
<T_CheckingRecipient>Checking Recipient Security</T_CheckingRecipient>
<T_TheseDomainsFailed>These domains failed CheckTLS:</T_TheseDomainsFailed>
<T_NewConfigFileSaved>New config file saved!
Please close and re-open Outlook.</T_NewConfigFileSaved>
<T_ConfigureTheAddIn>Please configure the CheckTLS Add-In
by sending an email to
There are a few hidden commands that we use to diagnose problems. They are triggered by entering special strings in the Subject: of an email and clicking Send. The email can be a live email that will be sent, or a dummy email, i.e. with an invalid address.
debug.debug.debug turns on debugging messages. EmailSentry™ will display information about what it is doing in popups as it processes the email. The email is sent. This setting stays on until you exit Outlook and restart it.
fullerrors.fullerrors.fullerrors displays all the information it has about an error it encounters. Normally error messages are summarized. The email is sent. This setting stays on until you exit Outlook and restart it.
path.path.path shows a one-time popup with the path to the Config File on the user's PC. The email is not sent.
version.version.version shows a one-time popup with the version string of EmailSentry™ installed on the user's PC. The email is not sent.
config.config.config puts the Config File contents and all internal config variables into the body of the email. You are returned to editing the email.
uid.uid.uid puts the user's unique UID (one-way hash of their USERNAME and COMPUTERNAME) into the subject of the email. You are returned to editing the email.
test.test.test runs the message in "test" mode: normal testing is done but the final pop-up is displayed even if no errors are found, and the user must choose Change, Delete, or Send anyway.