The Encryption feature makes it easy to encrypt sensitive email and attachments for security or regulatory compliance. RMail automatically delivers encrypted with the simplest user experience for each recipient and provides manual or automated options for delivery using different levels of encryption or different recipient experiences.
Using either of the available encryption methods enables the recipient to securely reply. Click here to learn more about using the Secure Reply feature.
This article covers the following topics:
- Encrypting a message using RMail
- Transmission Encryption – Auto-decrypts for receiver
- Message Level Encryption - Decrypts with password
- Password Retrieval Feature
- Recipient Password Creation
- What is TLS?
- Video: How to Send Encrypted Emails
Encrypting a message using RMail
To encrypt an email follow these steps:
1. Compose an email as usual.
2. Click on the Send Registered button.
3. In the feature panel pop up window check off the box next to the word Encrypt.
4. There are two options available, Transmission Encryption and Message Level Encryption. Select one and click on the Send button.
The message will contain an email banner indicating it has been transmitted encrypted for the recipient’s awareness.
Note: If the recipient uses the Microsoft Outlook mail client, they may receive an Outlook Read Receipt request.
Transmission Encryption – Auto-decrypts for receiver
This option detects the best method to transmit the message to the recipient. If the recipient has TLS (Transport Layer Security) or a certain level of TLS, the email will be sent and transmitted to the recipient without a password required. There will be no link to click or special software for the recipient to open and view the message body and attachments.
Message Level Encryption- Decrypts with password
This option is used automatically when the recipient does not have TLS or is below the threshold set by you or your company, or if you wish to have the encrypted message stored encrypted at rest in the recipient’s mailbox.
The email is wrapped inside a AES 256-bit encrypted PDF. When the recipient receives the email and opens it, they must enter the password to view the email body inside the PDF. The attachments are located embedded inside the PDF or are located inside the RMail secure File Share portal for the recipient to download them to their local device.
Message Level Encrypted emails are password protected with either a system-generated or user-generated password. The recipient will get the decryption password on a separate email. You can create a custom password or leave the password field blank to have a random system-generated password created.
System Generated Password
- If you use Message Level Encryption, you may opt to have the RMail App automatically generate a unique, eight-character, alphanumeric decryption password.
- The automatically generated decryption password is sent to the recipient inside of an automatically generated password email.
User-generated password
- You can create a password instead of letting the system create one automatically. To do so, you need to enter the chosen password in the yellow space shown below. You may choose to communicate the password through other methods, such as a phone call instead of having it sent via email. In order to do so, uncheck the Email password option.
Password Retrieval Feature
You may allow the option for the recipient to retrieve the decryption password on their own by clicking on a password retrieval link inside the body of the Message Level Encrypted email.
Recipient view of the password retrieval link inside the Message Level Encrypted email.
Recipient Password Creation
You may allow the option for the recipient to create their own permanent, personal decryption password by clicking on a password setting link inside the body of the Message Level Encrypted email.
These are the steps the recipient needs to follow to create their own decryption password when receiving an encrypted email.
1. Open the corresponding email.
2. Click on the link to set your own decryption password for future encrypted Registered Email messages.
3. On the received email, click on the link to create a new password.
4. In the Change Password window, confirm email address, enter new password, confirm password, and click on Change Password.
Note: If an incorrect password is entered, it displays a message Password does not match in red color
5. A confirmation email will be sent to the recipient notifying the new password confirmation. The recipient can now sign the document using the permanent decryption password setup at Step #4.
What is TLS?
The RMail encryption service uses Transport Layer Security (TLS) as a default for sending and receiving encrypted emails. TLS is a secure “tunnel” protecting the message from the edge of the sender’s network to the edge of the recipient’s network. When an encrypted message is sent via TLS, it will be decrypted at the server level, and therefore does not require the recipient to input a password to access it.
TLS is enabled by default on our Control Panel for a customer’s account, so messages are always sent securely to RPost. We then use our TLS detection service to determine if the recipient's mail server has TLS enabled.
Video: How to Send Encrypted Emails
The following short videos explains the basic steps and options for sending encrypted emails using the RMail service.
This example uses the Outlook Desktop plug-in.
This example uses RMail for Gmail.