EmailSentry™ Add-In Security

Is It Safe To Use?

EmailSentry does not look at the content of any email. It does not look at email addresses. It only looks at the domain part (the part after the "@"). All communication is via HTTPS, so all information is encrypted.

Is It Safe to Install?

EmailSentry can be installed as a Microsoft ClickOnce application.

EmailSentry install is very safe.
It requires an authenticode certificate issued to SecurEmail LLC that signs every file in the installation. This certificate is not stored on our web servers, so a security breach of our servers cannot hack EmailSentry.

EmailSentry can be uninstalled easily and safely.
Microsoft makes sure you can uninstall EmailSentry with Windows Add/Remove Programs.

ClickOnce applications are very safe.
From the Microsoft documentation:
Because ClickOnce applications are isolated, installing or running a ClickOnce application cannot break existing applications. ClickOnce applications are self-contained; each ClickOnce application is installed to and run from a secure per-user, per-application cache. ClickOnce applications run in the Internet or Intranet security zones.

ClickOnce applications install their own DLLs.
ClickOnce applications copy any Microsoft .NET DLLs they need into this per-user, per-application cache. The ClickOnce application will not interfere with any other program's files or DLLs.

Can EmailSentry Break Outlook?

No.

  • Microsoft automatically disables any add-in that fails.
  • Microsoft disables any add-in that takes more than a second or two to load.
  • Your entire EmailSentry installed base can be disabled with one change in one host file.
How and What Exactly Does It Send and Receive?

All communication between Outlook and CheckTLS uses HTTPS so is encrypted and only connects via port 443. Unlike any other test, it does not require opening port 25 (SMTP) to a PC. We can provide examples of the source code of the WebService call and the return XML document upon request.

Sent to CheckTLS

For every recipient on every email EmailSentry sends three things:

  • just the domain part of the address (not the full address)
  • authentication information (do you have a valid license)
  • your configuration settings (e.g. minimum TLS version, minimum score)

The authentication information contains these fields:

  • version of Add-in
  • user GUID
  • message GUID
  • AUTH string (public/private key encrypted)
    • CustomerCode
    • CustomerPass
    • IP Address Mask
The message GUID is a random unique identifier for the message. Depending on the HideUID config setting, the user GUID is either the Windows USERCODE and COMPUTERCODE or a random unique identifier. EmailSentry reports do not work if HideUID is turned on.

Received from CheckTLS

The WebService returns an XML document with the TestReceiver score: <CheckTLS> <eMailAddress>checktls.com</eMailAddress> <ConfidenceFactor quick="1" available="114" percent="100.00" max="121">114</ConfidenceFactor> <ConfidenceQFactor>114</ConfidenceQFactor> <OutputFormat>XML_Score</OutputFormat> <MXConfidenceFactor>60</MXConfidenceFactor> </CheckTLS>

Can EmailSentry Work With a Firewall Proxy Server?

Yes, just as you can configure your browser to route all URLs through your company's proxy server, EmailSentry can be configured to route its webservice call through your proxy server.

What Information Do You Keep About Our Email?

EmailSentry only uses the domain part of recipient (To:, CC:, BCC:) email addresses. It does not look at the user, subject, or body of the email. It cannot keep any of your confidential information because it doesn't have it.

We keep just enough data to provide the Usage Reports and Query Reports.