EmailSentry™ Add-In Security

Is It Safe To Use?

EmailSentry does not look at the content of any email. It does not look at email addresses. It only looks at the domain part (the part after the "@"). All communication is via HTTPS, so all information is encrypted.

Is It Safe to Install?

EmailSentry is a Microsoft ClickOnce application.

ClickOnce install is very safe.
Installation requires an Authenticode certificate issued to SecurEmail LLC, which signs every file in the installation. This certificate is not stored on our web servers, so an attacker who breaches those servers cannot use it to sign a modified EmailSentry.

ClickOnce applications uninstall easily and safely.
Microsoft makes sure you can uninstall EmailSentry with Windows Add/Remove Programs.

ClickOnce applications are very safe.
From the Microsoft documentation:
Because ClickOnce applications are isolated, installing or running a ClickOnce application cannot break existing applications. ClickOnce applications are self-contained; each ClickOnce application is installed to and run from a secure per-user, per-application cache. ClickOnce applications run in the Internet or Intranet security zones.

ClickOnce applications install their own DLLs.
ClickOnce applications copy any Microsoft .NET DLLs they need into this per-user, per-application cache. The ClickOnce application will not interfere with any other program's files or DLLs.

Can It Break Outlook?

No.
Microsoft automatically disables any add-in that fails. Add-ins are even disabled if they take more than a second or two to load.

How and What Exactly Does It Send and Receive?

All communication between Outlook and CheckTLS uses HTTPS, so it is encrypted, and it connects only via port 443. Unlike any other test, it does not require opening port 25 (SMTP) to a PC. We can provide examples of the source code of the WebService call and the return XML document upon request.

Sent to CheckTLS

For every recipient on every email, EmailSentry sends three things:

  • just the domain part of the address (not the full address)
  • authentication information (do you have a valid license)
  • your configuration settings (e.g. minimum TLS version, minimum score)

The authentication information contains these fields:

  • version of Add-in
  • user GUID
  • message GUID
  • AUTH string (public/private key encrypted)
    • CustomerCode
    • CustomerPass
    • IP Address Mask

The two GUIDs are unique identifiers for the user and the message. They do not contain any information; they are just unique strings that we use to count users and emails.
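
The domain-only rule and the per-recipient fields listed above can be sketched as follows. This is an added example, not EmailSentry or CheckTLS code: the function names, dictionary keys and sample values are hypothetical and do not represent the actual WebService format.

```python
import uuid
from email.utils import getaddresses


def domain_part(address):
    """Return the lower-cased domain of one address, or None if it has none."""
    # Split on the LAST "@": a quoted local part such as "a@b"@example.com
    # may itself contain "@", and none of it may end up in the domain field.
    local, at, domain = address.strip().rpartition("@")
    if not (at and local and domain):
        return None
    return domain.lower()


def recipient_domains(to="", cc="", bcc=""):
    """One domain per recipient across To:, CC: and BCC:, in header order."""
    headers = [h for h in (to, cc, bcc) if h]
    parsed = getaddresses(headers)  # handles display names and comma lists
    return [d for _name, addr in parsed if (d := domain_part(addr))]


def build_checks(to, cc, bcc, *, addin_version, user_guid, auth, settings):
    """Build one request record per recipient (hypothetical field names)."""
    message_guid = str(uuid.uuid4())  # random, carries no message data
    return [
        {
            "domain": domain,
            "auth": {
                "version": addin_version,
                "user_guid": user_guid,
                "message_guid": message_guid,
                "auth_string": auth,  # opaque here; encryption not shown
            },
            "settings": settings,
        }
        for domain in recipient_domains(to, cc, bcc)
    ]


# Constructed sample headers and settings, for illustration only.
SAMPLE = build_checks(
    '"Doe, Jane" <Jane.Doe@Example.ORG>, bob@partner.example',
    "",
    "audit@example.org",
    addin_version="0.0-example",
    user_guid=str(uuid.uuid4()),
    auth="<placeholder AUTH string>",
    settings={"min_tls_version": "1.2", "min_score": 90},
)
```

Searching a captured request for any recipient's local part or display name is a quick way to confirm the same property on real traffic routed through an inspecting proxy.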

Received from CheckTLS

The WebService returns an XML document with the TestReceiver score.

Can EmailSentry Work With a Firewall Proxy Server?

Yes. Just as you can configure your browser to route all URLs through your company's proxy server, EmailSentry can be configured to route its WebService call through your proxy server.

What Information Do You Keep About Our Email?

EmailSentry only looks at the domain part of recipient (To:, CC:, BCC:) email addresses. It does not look at the subject or the body of the email, so it cannot keep any of your confidential information.

We keep just enough data to provide the Usage Reports and Query Reports.