Here are some of the most frequently asked questions about DataMotion SecureMail:
There are two (2) account types: a commercially available account and a free recipient account:
| | Commercial Account | Free Account |
|---|---|---|
| Disk Space (MB) | 500 | 250 |
| and Send Messages | Yes | No. Reply only to the sender of the SecureMail message |
| Message Expiration Period | 1 Month – 2 Years | 1 Month |
| Message Delivery Options | Web, PDF, POP3, and Secure Plain Text via TLS | |
The first step to using SecureMail is to establish your account and password. This can be done by either purchasing an account from DataMotion or receiving a SecureMail message from another user of DataMotion SecureMail. When your account is created, you will be sent an email notification to log in and set up a password.
Navigate to the DataMotion Portal site //ssl.datamotion.com, enter your email address and password in the logon window and click Enter to log in.
During initial setup of your SecureMail account, you will be prompted to select a delivery method such as encrypted PDF push and web delivery. You always have the option of changing it later on through your Preferences.
Click on the “Forgot password” URL on the SecureMail portal. An email message will be sent to your designated email account with a link to change your password.
Your mailbox space is counted using the messages SENT from your account, not received.
The default mailbox size is 500MB. Mailbox sizes up to 2GB are available at an additional charge.
Yes, messages do expire. To protect the sensitive nature of your messages, the DataMotion SecureMail system stamps each message you send with an expiration date. By default, SENT messages expire after 1 month or 30 days. The DEFAULT maximum expiration period of your sent messages can be extended up to 2 years. Increasing your default expiration period will cause your mailbox to fill up more quickly. There is also the option to change the expiration period on a PER message basis.
After a message has expired, the contents and any attachments associated with that message will no longer be available. Metadata of the message will still be available forever in the form of message tracking and reporting.
DataMotion SecureMail provides advanced message delivery tracking capabilities such as informing the sender when each message is received and opened, as well as when each individual attachment is opened. This information is available to each user as well as to the system administrator as part of the TotalView reports.
While SecureMail does not have archiving built in, it can be configured to work with an existing archiving solution.
The default limit is 500 emails per day, which is counted against the individual recipients, i.e. it can be 1 message sent to 500 addresses, or 10 messages sent to 50 addresses, etc. This was done primarily to prevent abuse (SPAM). This number can be easily adjusted to fit your business needs.
One message can be sent to 500 recipients at a time.
When you log in to your SecureMail account, you will be taken to the Member Center. Click Compose on the left-hand side of the nav bar or in the Messages & Files section of the Member Center.
SecureMail is optimized for all mobile devices, and does not require an app to be installed. A mobile version of the website is available without losing the core SecureMail functionality.
With DataMotion SecureMail for Microsoft Office 365, users are able to send secure messages from their email clients of choice by simply inserting a predefined word or phrase in the subject line and clicking send. DataMotion SecureMail for Office 365 is easy to use because it integrates with applications, mobile devices and systems already in use without the need to install special applications or exchange encryption keys. For additional information on Office 365 integration, please contact your DataMotion Account Representative.
DataMotion SecureMail for Google Apps™ service allows sensitive data to be securely exchanged with customers, business partners and vendors. It’s easy to use since SecureMail integrates with applications, mobile devices and systems already in use, without the need to install special apps or exchange encryption keys. For additional information on Google Apps™ integration, please contact your DataMotion Account Representative.
SecureMail has the following benefits over S/MIME:
- It can be used to send encrypted emails to anywhere in the world regardless of whether the recipient is a subscriber or not.
- Enables non-registered recipients to reply with secure messages
- Does not require any setup or key exchange in order to be enabled for use
- Scales seamlessly for 100s or 1000s of users
- 100% secure with any and all web, desktop and mobile clients (see article above)
- HIPAA and HITECH compliant
In addition, SecureMail handles attachments up to 2 GB and provides tracking capabilities superior to most of the currently available email solutions.
The following browsers are supported in the desktop version: IE, Chrome, Safari, and Firefox. Mobile devices supported are iOS, Android, and Blackberry.
The SendSecure add-in application for Microsoft Outlook installs a Send Secure DataMotion button above the standard send button in the Outlook client. It enables one-click sending of encrypted email messages. SecureMail Desktop users can click the Send Secure button instead of the standard Outlook Send button when composing a new message, replying or forwarding a message. Attachments can be added in the normal manner. The Send Secure button routes the message and attachment(s) to the SecureMail service for encryption and secure delivery to the listed recipients.
The add-in is compatible with Outlook 2007, 2010 and 2013.
The add-in is linked to a single email account. Other email accounts could use a POP3/SMTP connection to the SecureMail SaaS or SecureMail Gateway (outgoing connection, incoming connection would be to the SecureMail SaaS or a corporate POP3 account) to provide similar functionality, but sending from non-linked accounts using the SendSecure button is not supported.
The add-in is abstracted from most protocol issues by Outlook. In practice, it has been compatible with a strong majority of current Exchange, POP3 and IMAP connections to email servers. There is a known compatibility issue with Microsoft ActiveSync and Google Apps Sync (MAPI) accounts, which are not supported by the SecureMail add-in.
The Outlook add-in can be configured to route secure messages to the DataMotion SaaS in three (3) different ways:
Client Side Encrypting: In this version of the add-in the message is sent as an encrypted payload to the DataMotion SaaS for processing. An additional feature of the add-in is that it downloads an unencrypted version of the message from your SecureMail inbox directly to your Outlook inbox. This version of the Outlook add-in does not require the DataMotion SecureMail Gateway.
Server Side Encrypting: This version of the add-in redirects a secure message over an encrypted channel to the DataMotion SaaS. This version of the add-in requires the DataMotion SecureMail Gateway to process and redirect the message.
Subject Line Tagging: If your policy is not to modify message headers for secure messages, then the tagging option is also available. With this option, a tag is added to the subject line of a message which can be scanned by the Gateway, and routed securely to the DataMotion SaaS. When the Gateway recognizes the tag in a subject line, it strips it out before the message is forwarded to the DataMotion SaaS.
Note: In order to implement the tagging option, ALL of your messages will need to be routed through the DataMotion SecureMail Gateway.
The SecureMail add-in has proven to be compatible with the majority of Outlook add-ins. A small number of issues have been observed with add-ins that add a long delay to the boot-up of Outlook.
Yes, the add-in can be deployed via a centralized means such as Group Policy Object. For additional details, please contact a DataMotion support engineer.
The tagging version of the Outlook add-in can be deployed in virtual desktop environments such as Citrix, VMWare, etc.
Opportunistic Transport Layer Security (TLS) means that a server will accept TLS connections from the client if the client asks for TLS in its handshake, but it won’t require it. DataMotion does not rely on opportunistic TLS for outbound emails because we consider it risky to rely completely on TLS merely because the recipient advertises it. TLS encrypts the message only while in transit, not from sender to recipient. For example, a recipient may have an antispam solution (e.g. Postini) that advertises TLS as the 1st hop, after which they send messages to their recipients in the clear.
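The per-hop nature of TLS described above can be checked on a delivered message by reading its Received headers. The following is an added example, not DataMotion code; the sample message and host names are constructed, and it assumes each relay records the standard "with" protocol keyword (ESMTPS and similar mean the hop used TLS).

```python
import re
from email import message_from_string

# IANA "with" protocol types that indicate a TLS-protected hop.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}

# Constructed sample: a filtering service accepts TLS, then relays in the clear.
SAMPLE = """\
Received: from filter.example.net (filter.example.net [192.0.2.20])
\tby mailstore.example.org with ESMTP id C3; Tue, 1 Jan 2030 10:00:03 +0000
Received: from out.example.com (out.example.com [192.0.2.10])
\tby filter.example.net with ESMTPS id B2; Tue, 1 Jan 2030 10:00:02 +0000
Received: from client.example.com (client.example.com [192.0.2.5])
\tby out.example.com with ESMTPSA id A1; Tue, 1 Jan 2030 10:00:01 +0000
From: alice@example.com
To: bob@example.org
Subject: test

body
"""

HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\S+)", re.S | re.I)


def hops(raw):
    """Return hops in delivery order as (from_host, by_host, protocol, tls)."""
    msg = message_from_string(raw)
    result = []
    # Each relay prepends its header, so the last header is the first hop.
    for value in reversed(msg.get_all("Received", [])):
        match = HOP_RE.search(value)
        if match:
            proto = match.group(3).upper()
            result.append((match.group(1), match.group(2), proto,
                           proto in TLS_PROTOCOLS))
    return result


def cleartext_hops(raw):
    """Hops whose receiving server did not record a TLS session."""
    return [(src, dst) for src, dst, _, tls in hops(raw) if not tls]


if __name__ == "__main__":
    for src, dst in cleartext_hops(SAMPLE):
        print(f"no TLS recorded: {src} -> {dst}")
```

Received headers are written by each receiving server, so only those added by servers you operate or trust are reliable evidence.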
There are three parts to HIPAA compliance as it pertains to the exchange of protected health information data (PHI): Privacy, Security, and Accountability.
- The Privacy Rule – covered entities must control and limit access to the data only to those who need to use it – authorized personnel.
- The Security Rule – covered entities must adequately protect the data from accidental exposure to, or theft by, unauthorized persons.
- Accountability Principle – covered entities must understand their responsibilities and be accountable for Security and Privacy when sending, receiving, storing or using data.
SecureMail supports full compliance with all HIPAA Security Rule components for the exchange of PHI data via encryption and messaging tracking. It also supports the HIPAA Privacy Rule components, but only to the extent that the recipient is an authorized person (a SecureMail message containing PHI can be sent to an unauthorized person via a user error or misuse). SecureMail supports the Accountability Principle to the extent that its use demonstrates a reasonable effort to treat the exchange of PHI responsibly.
The DataMotion SecureMail Gateway safeguards sensitive email messages by automatically scanning all of your company’s email for compliance, and applying policy-based secure mail encryption. It is a policy-based content filtering engine that provides an essential safety net. DataMotion’s SecureMail Gateway automatically detects sensitive information that has been sent as outbound email and routes it for secure delivery. This frees your employees from worrying about the do’s and don’ts of email compliance and ensures strict policy enforcement across the entire organization.
The Gateway has some of the most common PHI and PII rule patterns built-in, including financial policy rules, healthcare rules, and personal identifying information rules.
Additional built-in rules include tags to scan a subject line of an email and take the appropriate action.
There are multiple actions that can be specified when a condition is matched. Some of the common ones are to send the message securely, route the messages to another SMTP server, and delete the message. In any of these cases, the sender and other individuals (administrators, managers) can be notified by the Gateway.
The DataMotion Gateway includes the ability to use Regular Expressions for pattern matching, as demonstrated by many of the pre-configured rules. You can create custom rules using your own set of Regular Expressions as well. While the Gateway has the most common PHI, PII, and HIPAA compliant patterns built-in and tuned over DataMotion’s years of experience, it is flexible enough to give you free rein over writing your own patterns (rules). The Gateway is also capable of exact matching, meaning you can create a flat file with the exact keywords that you wish the Gateway to scan.
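To make the rule types above concrete (subject-line tags that are stripped before forwarding, regular-expression patterns, and exact keyword matching), here is an added sketch of a content-filtering decision. It is not the Gateway's own code or rule syntax: the tag `[SECURE]`, the rule names, the keyword set and the action strings are all hypothetical.

```python
import re

SECURE_TAG = "[SECURE]"                  # hypothetical tag; the page names none
KEYWORDS = {"diagnosis", "patient id"}   # stands in for the flat keyword file

# US SSN shape, excluding ranges that are never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13 to 19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def luhn_ok(candidate):
    """Luhn checksum, used to drop digit runs that are not card numbers."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def evaluate(subject, body):
    """Return (action, subject_to_forward, matched_rule_names)."""
    matched = []
    if SECURE_TAG.lower() in subject.lower():
        matched.append("subject-tag")
        # Strip the tag so recipients never see it.
        subject = re.sub(re.escape(SECURE_TAG), "", subject, flags=re.I)
        subject = " ".join(subject.split())
    if SSN_RE.search(body):
        matched.append("ssn")
    if any(luhn_ok(m.group()) for m in CARD_RE.finditer(body)):
        matched.append("payment-card")
    lowered = body.lower()
    if any(word in lowered for word in KEYWORDS):
        matched.append("keyword")
    action = "send-secure" if matched else "deliver-normally"
    return action, subject, matched


if __name__ == "__main__":
    # Constructed sample messages.
    print(evaluate("[SECURE] Q3 results", "see attached"))
    print(evaluate("Invoice", "ref 1234 5678 9012 3456"))
```

The checksum step shows why a bare digit-run pattern is not enough: the second sample has card-like formatting but fails Luhn, so it is delivered normally.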
Depending on the nature of your mail flow, the DataMotion Gateway can easily be incorporated into your existing infrastructure with minimal disruption. There are a variety of different architectural options as to how the Gateway can fit into your environment. For additional details, please request the Gateway Mail Flow document from your DataMotion Account Manager.
Yes, the Gateway can be installed in an active / passive cluster, VMWare or in a load balanced configuration.
No. The Gateway routes messages based on content, and is NOT a replacement for your current email system.
Typically, your mail server routes messages to an outbound Edge Mail Server for final delivery. When you are ready to deploy the Gateway into production, simply direct your mail server to route messages to the Gateway, instead of the Edge Mail Server.
We will configure a route on the Gateway to deliver all non-secure messages out through your Edge Mail Server. Note: If your Edge Mail Server has IP restrictions, modify its access and relay list to allow the Gateway to route messages.
There are various methods such as implementing user groups and rules whereby you can control your SecureMail accounts.
The message will be received by the DataMotion SaaS, and will sit in the ‘Drafts’ folder of the sender’s account. The sender will receive a notification that they do not have permission to send a message and to contact their IT administrator. Once their account has been fully licensed, the message in the drafts folder will automatically be sent out. The sender does not need to resend the message.
The Gateway can be configured to deliver messages securely over Plain Text via TLS. Alternate methods of secure Plain Text delivery can be set up via the DataMotion SaaS.
Single Sign On
SSO with industry-leading Identity Providers offered by DataMotion follows strict security measures put in place by these vendors to protect their users. Ultimately, safeguarding access to user accounts (whether via SSO or regular user ID/password combination) is in the hands of users, who must take all necessary precautions so as not to compromise their account credentials.
DataMotion customers concerned about providing users within their companies with SSO have an option to disable it for their licensed users (auto-created recipient users will still have it available).
Any users who use the Outlook Add-in that requires authentication or DataMotion APIs must continue using their current authentication method with email/user ID and password.