PrivaSphere™ Signature & Policy Management Service

E-mail - important communication tool

The digital world is part of daily business of companies, organizations and authorities. E-mail communication has become the most important business communication tool of everyday life. Not only are documents and contracts exchanged electronically, but also important agreements are often confirmed by e-mail.
E-mail communication for such important businesses may seem to be an easy and simple way of communication. However, as a responsible company, you have to think about the accordance with law, too. Unfortunately, the exchange of information via normal e-mail is not secure at all. Content can quickly be read by unauthorized third parties. Additionally, sender and content can be changed without even noticing. This makes it impossible to prove normal e-mail messages in a legal dispute.
But there’s a solution. Signed and encrypted e-mails provide security. Therefore, you can make use of all advantages of e-mail communication without any of the disadvantages.

Sign e-mails

The electronic signing of e-mails ensures the proof of origin and the immunability of the e-mail. Further, the identity of the sender (authenticity) is clear. Therefore dubious e-mail senders can be marginalized.
The PrivaSphere Signature & Policy Management Service requests e.g. the QuoVadis Secure E-Mail Certificates directly via an automated and highly secure process. The personal certificates are stored centrally on the platform and are available to users for automatic signing.

see: QuoVadis Secure E-Mail Certificates complement PrivaSphere Secure Messaging Platform (in German only)

Sign PDF attachments

PDF attachments can easily be signed by PrivaSphere PDF Signature Service. It is an Advanced Signature, which mean, that signed PDF files fulfill the needs for electronic invoices automatically (proof of origin and immutability). To ensure this, the Advanced Signature suffices.

For existing users of the E-Mail Signature Service, the one-time installation effort is minimal. The perfect solution for simply signing PDF files and sending them in compliance with legal requirements, also from your special applications (e.g. invoicing and pay slip shipping) or other applications (for example Outlook ).

Just add the control tag <sigAtta> to the subject line. This adds a signature to the PDF file with a unique sender and cryptographic integrity protection.

Because it is an "advanced signature", please refer to the document "Checking a Non-SuisseID" signature in Adobe Acrobat Reader DC »:

(AATL compliant signatures are also available - please contact us)


Automatic decryption (SMIME)

Signing certificates can also be used for encryption. Therefore, it may happen that incoming e-mails are encrypted by your communication partners with the signature certificate.

There are two ways to decrypt these:

  • Send the encrypted email via the PrivaSphere Signature & Policy Management Service as an attachment to (via "drag & drop" in the mail program). Afterwards, the e-mail is decrypted via PrivaSphere Secure Messaging and safely delivered to you.
  • If this happens more frequently, then - depending on the technical possibilities of the customer - the incoming eMail traffic can be directed wholly or selectively only the encrypted messages via the PrivaSphere service and the decryption takes place automatically.


Encrypt e-mails

PrivaSphere Signature & Policy Management Service provides the ability to send an e-mail confidentially by the PrivaSphere Secure Messaging Service. This also guarantees confidentiality and with «eGov registered» the legal capacity.

PrivaSphere Secure Messaging also enables a HIN integration.


E-mail rules

PrivaSphere Signature & Policy Management Service also provides detailed rules for controlling inbound and outbound e-mail traffic. These include sender and recipient-based rules for signing and encrypting, blocking e-mails from addresses, or integrating data leakage prevention (DLP) systems and inserting footers.

There is also a sophisticated system for managing authenticated TLS connections when exchanging confidential emails with partner domains.

Incoming e-mails can be processed automatically. Existing digital signatures can be «harvested» and used for fully automatic encryption of outgoing e-mails. The domain's security officer has control over it using the management console and can control the process precisely. He also has the ability to monitor the mail traffic by means of detailed logs and analyzes of the used encryption.


  • Server based signature service for your mails with your company or individual signature
  • Option: Automatic generation of individual QuoVadis signatures for all senders
  • Proof of integrity
  • Proof of origin of your mails
  • Better evidence at the court
  • Individually activatable for individual senders, e.g. Accounting, management
  • Delivery either as a signed e-mail message or as an e-mail with a signed PDF attachment
  • Signature by certificate per domain and per user possible
  • No investments into hardware, no licences, no maintenance costs
  • Central rules for mail delivery will help to enforce corporate policy for email: Open/signed/confidential - Sender and receiver based - Block of messages (also based on content) - Footnotes depending on delivery method


Advantages and functions

  • Ensuring the integrity of sent eMails (signature becomes invalid as soon as the content of the message is changed)
  • Easily connect your company's email infrastructure to the PrivaSphere Secure Messaging Service platform
  • Distinguishing business email against spam and phishing e-mails on your behalf
  • Interfaces / interoperability with additional services (HIN, other encryption appliances, TLS, etc.)



  • Works with mostly all mailservers (Microsoft Exchange, Lotus Notes, Novell Groupwise, Sendmail, google office and office365, etc.)
  • Works with all mail clients (for example: Outlook, MacMail, Thunderbird, Windows Mail ... as well as with mail programs on mobile phones)
  • No changes of the existing infrastructure (mail servers and mail clients)
  • To sign emails just use the Outlook Addin or directly the subject tags <s>, <PSPSigned/> or <sigAtta>