16 Nov 2018

Email Security Beyond the Soundbite

The ubiquity of smart phones and their apps have reduced the attention span for the masses. People now expect their information in big fonts, nice colors, and pretty pictures.

In the tech world, while many services have features that are now described in simple sound bites, it is often the details that make one product work for a customer need; or work better than similar sounding alternatives. And, with heightened awareness of email security needs, choosing your security solutions by sound bite has its pitfalls.

Following are two situations that tripped up some of our Tech Essentials readers: 

Mass Email Challenge: Large County Government Agency with Requirement to Track Delivery of Tax Notices. In Virginia, an agency needed to send hundreds of thousands of tax notices annually. To manage the process, they attempted to use an email marketing platform to send and track delivery of these electronic messages. In the end, it didn’t work. Sure, the messages appeared to have been sent, and some even included open detection reports; but what they soon realized is up to 35% of the messages were disappearing. Recipients simply claimed not to have received the messages. The last straw… when they realized that mainstream email security scanners now had bots that were triggering opt-out links placed in these emails by the email system which rendered many of the recipients unable to be sent to.

Best Practice: This government agency realized they needed a better way. They switched to sending these important notices using the RMail Registered Email™ service — for use when each email delivery record needs to be relied upon. The Registered Email™ service is the worldwide standard for legal and verifiable proof of email delivery, content and timestamp, returning a self-authenticating and court-admissible Registered Receipt™ record for every message sent. Organizations like the United Nations, US Federal Government, telecom carriers, pharmaceutical companies, and insurance, investment, and legal advisors have relied upon this service for more than a decade. It is not susceptible to the many, many issues uncovered when users try to send important business communications using email CRM sales and marketing systems where each message sent is often not mission critical. Sure, a newsletter gone missing might be a missed marketing impression, but a price change notice gone missing can have big financial ramifications for the sender.


Email Privacy Compliance Challenge: Insurance Broker Misunderstands “Office 365 Secure Email”. Secure email is now a common term. But what it really means depends on who is using the term. And many don’t take the time to consider the context. Secure email may mean protecting from email-borne threats like spam, phishing, and viruses. It could mean transmitting a message in a more secure manner, using a secure connection. It may mean sending a link for a recipient to retrieve a message or file through a secure website. Or, it could mean encrypting the message itself and delivering the message as an encrypted package. Well, if you are like the insurance broker staff trying to decipher all of this, your eyes are now glossing over. Hey, doesn’t secure email simply mean email that is secure protecting everyone from everything? Unfortunately, not always. This insurance broker relied on Office 365 secure email to send personally identifiable and private health information. They assumed it just worked, and sure, sometimes the messages were delivered through a secure connection, but sometimes they were not. They had no way to distinguish. Without being able to verify which messages, after the fact, were sent in a private manner, they fell short during their data privacy compliance audit.

Best Practice: Secure email means many things; each of which are important in today’s technology environment for different reasons. The insurance broker mentioned above (and other businesses) need not only secure email systems to protect against common email-borne threats, but also specialized email encryption services that provide simple-to-use methods to send email encrypted. A best practice for regulated companies is to choose an email encryption service that also provides an auditable record on a message by message basis of fact of encrypted delivery.  This is what protects in case of a data privacy audit or accusation of a data breach. Office 365 does not do this, nor do most secure sounding services in the market. RMail’s Registered Email service with RMail encryption provides this for Microsoft Outlook, Gmail, and Zimbra users; and can be set for automated sending from business systems (ERP, CRM, BPM).


Congratulations… if you got to the end, you are not one of those with the reduced attention span caused by over-exposure to mobile devices. You don’t only rely on what you can read in three words, big fonts, nice colors, and pretty pictures.