SecureMail FAQs

Est. reading time: 1 minute

Here are some of the most frequently asked questions about DataMotion SecureMail:

SecureMail Desktop

What types of accounts are offered with DataMotion SecureMail?

There are two (2) account types: a commercially available account and a free recipient account:

Commercial Account Free Account
Disk Space (MB) 500 250
Initiate, Forward

and Send Messages

Yes No. Reply only to the sender of

the SecureMail message

Maximum Recipient/Day Unlimited 35
Message Expiration Period 1 Month – 2 Years 1 Month
Message Delivery Options Web, PDF, POP3, and

Secure Plain Text via TLS

Web only

How do I establish a DataMotion SecureMail account?

The first step to using SecureMail is to establish your account and password. This can be done by either purchasing an account from DataMotion or receiving a SecureMail message from another user of DataMotion SecureMail. When your account is created, you will be sent an email notification to login and setup a password.

How do I log into my DataMotion account?

Navigate to the DataMotion Portal site https://ssl.datamotion.com, enter your email address and password in the logon window and click Enter to login.

Do I have different delivery options, or am I limited to only the web portal?

During initial setup of your SecureMail account, you will be prompted to select a delivery method such as encrypted PDF push and web delivery. You always have the option of changing it later on through your Preferences.

What if I forget my DataMotion SecureMail password?

Click on the “Forgot password” URL on the SecureMail portal. An email message will be sent to your designated email account with a link to change your password.

How is my DataMotion SecureMail mailbox space counted?

Your mailbox space is counted using the messages SENT from your account, not received.

What is the mailbox size limit?

The default mailbox size is 500MB. Mailbox sizes up to 2GB are available at an additional charge.

Do messages expire? And if so, when?

Yes, messages do expire. To protect the sensitive nature of your messages, the DataMotion SecureMail system stamps each message you send with an expiration date. By default, SENT messages expire after 1 month or 30 days. The DEFAULT maximum expiration period of your sent messages can be extended up to 2 years. Increasing your default expiration period will cause your mailbox to fill up quicker. There is also the option to change the expiration period on a PER message basis.

Will I be able to access my SecureMail messages after they expire?

After a message has expired, the contents and any attachments associated with that message will no longer be available. Metadata of the message will still be available forever in the form of message tracking and reporting.

What message delivery tracking capabilities are available with DataMotion SecureMail?

DataMotion SecureMail provides advanced message delivery tracking capabilities such as informing the sender when each message is received and opened, as well as when each individual attachment is opened. This information is available to each user as well as to the system administrator as part of the TotalView reports.

Can I use SecureMail for archiving?

While SecureMail does not have archiving built-in it can be configured to work with an existing archiving solution.

How many messages can be sent per day and how is it counted?

The default limit is 500 emails per day, which is counted against the individual recipients, i.e. it can be 1 message sent to 500 addresses, or 10 messages sent to 50 addresses, etc. This was done primarily to prevent abuse (SPAM). This number can be easily adjusted to fit your business needs.

How many recipients can a single message be sent to?

One message can be sent to 500 recipients at a time.

How do I create a new SecureMail message?

When you login to your SecureMail account, you will be taken to the Member Center. Click on the Compose on the left hand side of the nav bar or in the Messages & Files section of the Member Center.

Is SecureMail available for mobile devices? Does it require a mobile app to be installed?

SecureMail is optimized for all mobile devices, and does not require an app to be installed. A mobile version of the website is available without losing the core SecureMail functionality.

Does DataMotion SecureMail work with Microsoft Office 365?

With DataMotion SecureMail for Microsoft Office 365, users are able to send secure messages from their email clients of choice by simply inserting a predefined word or phrase in the subject line and clicking send. DataMotion SecureMail for Office 365 is easy to use because it integrates with applications, mobile devices and systems already in use without the need to install special applications or exchange encryption keys. For additional information on Office 365 integration, please contact your DataMotion Account Representative.

Does DataMotion SecureMail work with Google AppsTM?

DataMotion SecureMail for Google AppsTM service allows sensitive data to be securely exchanged with customers, business partners and vendors. It’s easy to use since SecureMail integrates with applications, mobile devices and systems already in use, without the need to install special apps or exchange encryption keys. For additional information on Google AppsTM integration, please contact your DataMotion Account Representative.

Why and how is SecureMail different from S/MIME?

SecureMail has the following benefits over S/MIME:

  • It can be used to send encrypted emails to anywhere in the world regardless of whether the recipient is a subscriber or not.
  • Enables non-registered recipients to reply with secure messages
  • Does not require any setup or key exchange in order to be enabled for use
  • Scales seamlessly for 100s or 1000s of users
  • 100% secure with any and all web, desktop and mobile clients (see article above)
  • HIPAA and HITECH compliant

In addition, SecureMail handles attachments up to 2 GB and provides tracking capabilities superior to most of the currently available email solutions.

What clients are supported?

The following browsers are supported in the desktop version: IE, Chrome, Safari, and Firefox. Mobile devices supported are iOS, Android, and Blackberry.

What is the SecureMail Send Secure Outlook add-in?

The SendSecure add-in application for Microsoft Outlook installs a Send Secure DataMotion button above the standard send button in the Outlook client. It enables one-click sending of encrypted email messages. SecureMail Desktop users can click the Send Secure button instead of the standard Outlook Send button when composing a new message, replying or forwarding a message. Attachments can be added in the normal manner. The Send Secure button routes the message and attachment(s) to the SecureMail service for encryption and secure delivery to the listed recipients.

What versions of Outlook are supported by the SecureMail add-in?

The add-in is compatible with Outlook 2007, 2010 and 2013.

Can the SecureMail add-in for Outlook support more than one email account?

The add-in is linked to a single email account. Other email accounts could use a POP3/SMTP connection to the SecureMail SaaS or SecureMail Gateway (outgoing connection, incoming connection would be to the SecureMail SaaS or a corporate POP3 account) to provide similar functionality, but sending from non-linked accounts using the SendSecure button is not supported.

What email protocols does the SecureMail add-in for Outlook support?

The add-in is abstracted from most protocol issues by Outlook. In practice, it has been compatible with a strong majority of current Exchange, POP3 and IMAP connections to email servers. There is a known compatibility issue with Microsoft ActiveSync and Google Apps Sync (MAPI) accounts, which are not supported by the SecureMail add- in.

What are the main types of the SendSecure Outlook add-in?

The Outlook add-in can be configured to route secure messages to the DataMotion SaaS in three (3) different ways:

Client Side Encrypting: In this version of the add-in the message is sent as an encrypted payload to the DataMotion SaaS for processing. An additional feature of the add-in is that it downloads an unencrypted version of the message from your SecureMail inbox directly to your Outlook inbox. This version of the Outlook add-in does not require the DataMotion SecureMail Gateway.

Server Side Encrypting: This version of the add-in redirects a secure message over an encrypted channel to the DataMotion SaaS. This version of the add-in requires the DataMotion SecureMail Gateway to process and redirect the message.

Subject Line Tagging: If your policy is not to modify message headers for secure messages, then the tagging option is also available. With this option, a tag is added to the subject line of a message which can be scanned by the Gateway, and routed securely to the DataMotion SaaS. When the Gateway recognizes the tag in a subject line, it strips it out before the message is forwarded to the DataMotion SaaS.

Note: In order to implement the tagging option, ALL of your messages will need to be routed through the DataMotion SecureMail Gateway.

Are there any other compatibility issues with other Outlook add-ins?

The SecureMail add-in has proven to be compatible with the majority of Outlook add-ins. A small number of issues have been observed with add-ins that add a long delay to the boot-up of Outlook.

Is there a way to deploy the add-in through a centralized means such as Group Policy?

Yes, the add-in can be deployed via a centralized means such as Group Policy Object. For additional details, please contact a DataMotion support engineer.

What virtual desktop environments (Citrix, etc.) are supported?

The tagging version of the Outlook add-in can be deployed in virtual desktop environments such as Citrix, VMWare, etc.

What is opportunistic TLS and is it supported by DataMotion?

Opportunistic Transport Level Security (TLS) means that a server will accept TLS connections from the client if the client asks for TLS in its handshake, but it won’t require it. DataMotion does not rely on opportunistic TLS for outbound emails because we consider it a risky approach to completely rely on TLS based on the fact that the recipient advertises it. TLS only encrypts the message while in transit, not sender-to- recipient. For example, a recipient may have an antispam solution (e.g. Postini) that advertises TLS as the 1st hop, after which they send messages to their recipients in the clear.

How does SecureMail support HIPAA compliance?

There are three parts to HIPAA compliance as it pertains to the exchange of protected health information data (PHI): Privacy, Security, and Accountability.

  • The Privacy Rule – covered entities must control and limit access to the data only to those who need to use it – authorized personnel.
  • The Security Rule – covered entities must adequately protect the data from accidental exposure to, or theft by, unauthorized persons.
  • Accountability Principle – covered entities must understand their responsibilities and be accountable for Security and Privacy when sending, receiving, storing or using data.

SecureMail supports full compliance with all HIPAA Security Rule components for the exchange of PHI data via encryption and messaging tracking. It also supports the HIPAA Privacy Rule components, but only to the extent that the recipient is an authorized person (a SecureMail message containing PHI can be sent to an unauthorized person via a user error or misuse). SecureMail supports the Accountability Principle to the extent that its use demonstrates a reasonable effort to treat the exchange of PHI responsibly.

SecureMail Gateway

SecureMail Gateway safeguards sensitive email messages by automatically scanning all of your company’s email for compliance, and applying policy-based secure mail encryption.

What is the DataMotion SecureMail Gateway?

The DataMotion SecureMail Gateway safeguards sensitive email messages by automatically scanning all of your company’s email for compliance, and applying policy-based secure mail encryption. It is a policy-based content filtering engine that provides an essential safety net. DataMotion’s SecureMail Gateway automatically detects sensitive information that has been sent as outbound email and routes it for secure delivery. This frees your employees from worrying about the do’s and don’ts of email compliance and ensures strict policy enforcement across the entire organization.

What rules are built-in?

The Gateway has some of the most common PHI and PII rule patterns built-in, including financial policy rules, healthcare rules, and personal identifying information rules.

Additional built-in rules include tags to scan a subject line of an email and take the appropriate action.

What happens when a rule is matched?

There are multiple actions that can be specified when a condition is matched. Some of the common ones are to send the message securely, route the messages to another SMTP server, and delete the message. In any of these cases, the sender and other individuals (administrators, managers) can be notified by the Gateway.

That’s great, but can I create my own custom rules to match patterns specific to my own organization?

The DataMotion Gateway includes the ability to use Regular Expressions for pattern matching, as demonstrated by many of the pre-configured rules. You can create custom rules using your own set of Regular Expressions as well. While the Gateway has the most common PHI, PII, and HIPAA compliant patterns built-in and tuned over DataMotion’s years of experience, it is flexible enough to give you free reign over writing your own patterns (rules). The Gateway is also capable of exact matching; meaning you can create a flat file with the exact keywords that you wish the Gateway to scan.

How will the DataMotion SecureMail Gateway fit into my current environment?

Depending on the nature of your mail flow, the DataMotion Gateway can easily be incorporated into your existing infrastructure with minimal disruption. There are a variety of different architectural options as to how the Gateway can fit into your environment. For additional details, please request the Gateway Mail Flow document from your DataMotion Account Manager.

Can the DataMotion Gateway be deployed in a High Availability environment?

Yes, the Gateway can be installed in an active / passive cluster, VMWare or in a load balanced configuration.

Will the DataMotion SecureMail Gateway replace my existing email server?

No. The Gateway routes messages based on content, and is NOT a replacement for your current email system.

How will I direct my mail server to send messages to the Gateway?

Typically, your mail server routes messages to an outbound Edge Mail Server for final delivery. When you are ready to deploy the Gateway into production, simply direct your mail server to route messages to the Gateway, instead of the Edge Mail Server.

How will the Gateway know to direct messages to the Edge Mail Server?

We will configure a route on the Gateway to deliver all non-secure messages out through your Edge Mail Server. Note: If your Edge Mail Server has IP restrictions, modify its access and relay list to allow the Gateway to route messages.

Not all of my users require SecureMail. Is there a setting on the Gateway that will enable me to control my SecureMail accounts?

There are various methods such as implementing user groups and rules whereby you can control your SecureMail accounts.

What happens if one of my users does not have a SecureMail account and sends a secure message via the Gateway?

The message will be received by the DataMotion SaaS, and will sit in the ‘Drafts’ folder of the sender’s account. The sender will receive a notification that they do not have permission to send a message and to contact their IT administrator. Once their account has been fully licensed, the message in the drafts folder will automatically be sent out. The sender does not need to resend the message.

I don’t want to have my users maintain yet another set of credentials to retrieve their secure messages. Are there alternate methods of secure message delivery?

The Gateway can be configured to deliver messages securely over Plain Text via TLS. Alternate methods of secure Plain Text delivery can be setup via the DataMotion SaaS.

Single Sign On

Does Single Sign On (SSO) present any security risks?

SSO with industry-leading Identity Providers offered by DataMotion follows strict security measures put in place by these vendors to protect their users. Ultimately, safeguarding access to user accounts (whether via SSO or regular user ID/password combination) is in the hands of users, who must take all necessary precautions so as not to compromise their account credentials.

Can SSO be disabled?

DataMotion customers concerned about providing users within their companies with SSO, have an option to disable it for their licensed users (auto-created recipient users will still have it available).

Are there any restrictions for using SSO?

Any users who use the Outlook Add-in that requires authentication or DataMotion APIs, must continue using their current authentication method with email/user ID and password.

Updated on November 5, 2018

Was this article helpful?

Related Articles