After Selecting Compose New,
Select OPTIONS on the Right.
Select SurgeVault to enable Encrypted Emails.
Warning, Retain Options will keep Encryption on for all emails.
Be sure to make Encrypt Blank to Disable.
The lock in the top left corner also toggles.

 

Outline

The SurgeVault encryption mechanism in SurgeMail allows the administrator to setup some rules for encrypting messages. If a message matches the defined rules then the message will be encrypted and the user is sent an encrypted version of the message or a link to the encrytped message. The destination user will be prompted to set a password if this is the first email they have received, then they are shown the decrypted message.

 To send an encrypted message you must be sending via a SurgeMail server, you can be receiving the message on any server and the encryption will work! You can then 'reply' to the encrypted message securely from any server, but you cannot 'initiate' a new email to someone else securely if your server does not have a feature like this.

 

I just got a message, how do I read it?

If the message has an attachment open it in your web browser, and then when it prompts for a password and watermark give it both. If you have already set a password in the past then you must use the same one. If your browser fails to decrypt the message click on the 'view online' link to decrypt the message via the 'sending' server.

 

How secure is it?

Very but with some restrictions, it's important that you understand what it does and doesn't protect you from.

 

In brief, it assures the 'sender' that the message is not intercepted AFTER it leaves the senders mail server. And it also assures the sender that 'only' the recipient can read the message. And it creates a log entry to show that the recipient 'did' read the message.

 

Here's a more detailed description of that:

  • The message is delivered to the destination user from the sending 'server' via secure encryption methods. The message cannot be intercepted and 'read' on the way past.
  • The message is not necessarily encrypted from the sending user to their server (although this is usually a local network and can be secure and it can be sent securely if the user has turned on SSL in their email client - so this step should not be a concern)
  • The first message sent to someone using this method can be intercepted and read by another user, but if so then the password will already be set and the real destination user will never be able to read the message. We recommend that you send first message to establish secure communications and then send the 'critical/sensitive' documents after the first message.
  • After the first message has been sent and the password has been set, then subsequent messages cannot be intercepted.
  • After the first message sent to a user the destination user will set a 'watermark' which will assure them that the subsequent messages are real and from the same person.
  • The administrator of the system from which the email is sent 'could' archive or otherwise intercept the message 'before' the encryption process begins.

    Encoding used

    AES 256 CBC mode with MD5 hash.

 

 

Copyright © 2017

Heart Of Tennessee
3235 Windsor Green Drive
Murfreesboro, TN 37129
Office: (615) 895-7737
Dial-Up: (615) 890-8715