CheckTLS Outlook Add-In Security

Is It Safe To Use?

The Add-In does not look at the content of any email. It does not look at email addresses; it only uses the domain part (the part after the "@"). It calls a WebService on our servers, sending only the domain and your authentication (license) information.

The WebService returns an XML document with the TestReceiver score.

We can provide examples of the source code of the WebService call and the return XML document upon request.

Is It Safe to Install?

The Add-In uses Microsoft's ClickOnce deployment.

ClickOnce install is very safe.
It requires an authenticode certificate issued to SecurEmail LLC that signs every file in the installation. This certificate is not stored on our web servers, so a security breach of our servers cannot hack your Add-In.

ClickOnce applications uninstall easily and safely.
Microsoft makes sure you can uninstall the Add-In, delete all its files, and remove all traces of it with Windows Add/Remove Programs.

ClickOnce applications are very safe.
From the Microsoft documentation:
Because ClickOnce applications are isolated, installing or running a ClickOnce application cannot break existing applications. ClickOnce applications are self-contained; each ClickOnce application is installed to and run from a secure per-user, per-application cache. ClickOnce applications run in the Internet or Intranet security zones.

ClickOnce applications install their own DLLs.
ClickOnce applications copy any Microsoft .NET DLLs they need into this per-user, per-application cache. The ClickOnce application will not interfere with any other program's files or DLLs.

Can It Break Outlook?

Microsoft automatically disables any add-in that fails. Add-ins are even disabled if they take more than a second or two to load.