Many users prefer to use their standard e-mail program for sending and receiving secure messages. Therefore PrivaSphere Secure Messaging can be integrated into your standard e-mail user interface by the configuring of an additional e-mail account. The user then can choose between the appropriate transmission channels - PrivaSphere Secure Messaging for messages containing personal or confidential information.
Add a new mail account in Outlook
1. Tools > eMail Accounts > Add a new eMail account:
3. "More settings ...":
Tools > eMail Accounts > View or change existing e-mail accounts > choose the newly created account > Change > More settings ...
If your mail program supports not just SSL, but also TLS, then choose TLS. (E.g. Mozilla Thunderbird 1.0 offers this and choosing SSL will change your port to the legacy port 465 instead of 25.)For example with Lotus Notes, choose the legacy port 465 - it will not work with port 25, i.e. with "STARTTLS". This finishes your configuration.Hint: Anti virus software installed on your computer system may interfere with sending secure emails (Symantec Norton, McAfee, etc.). Use Port 465 for the outgoing server (SMTP) instead of port 25 in this case..
If you prefer not to configure your mail program yourself, then contact a PrivaSphere representative or partner for additional assistance.
Professional users working from a locked corporate desktop or rigidly closed outbound firewalls might need their IT department to enable the mail account configuration option. Contact a PrivaSphere representative for additional assistance.
Note: Outlook 2016 has a new tutor since release of August 2017. It severely restricts the configuration of new individual accounts.
Use the "Windows System Control" -> "Mail" function for the configuration.
PrivaSphere integration in e-mail clients is - due to the strict adherence to established standards - generally possible, but in particular was tested with the following programs:
For detailed configuration information, please contact our hotline - email@example.com
PrivaSphere stellt ein Outlook AddIn zur Verfügung, mit dem die Steuerung von PrivaSphere Secure Messaging und PrivaSphereSignature Service bequem aus Microsoft Outlook erfolgen kann.
Die neue Version enthält den "Descreete PDF Signer" - damit können PDF Dateien direkt im Outlook qualifiziert digital signiert werden.
Outlook AddIn V.3.3.2 (15.02.2023):
Microsoft Outlook 2019 / Plus 2019 (32bit und 64bit)
Microsoft Outlook 365 (32bit und 64bit)
Microsoft Windows 10
Microsoft Windows 11
Der Einsatz des Outlook AddIns ist kostenpflichtig - bitte kontaktieren Sie für den Einsatz unser Sales Team:
Der Einsatz des AddIns erfolgt auf eigenes Risiko und ohne Gewähr. Die PrivaSphere AG und der Hersteller lehnen jede Haftung ab.
Andere Plugins für Lotus Notes und Thunderbird auf Anfrage.
To generate the subject tags for PrivaSphere Secure Messaging we found the following Thunderbird Add-On:
Subject Manager is a Thunderbird add-on which allows to manage subjects of emails. The main purpose is to store user-defined subjects and offer a convenient way to insert them into subject field.
For Thunderbird 60.9.1 (32-Bit) and older (see decription of the developper).
Just add the PrivaSphere Subject Tags as shown below.
Thunderbird AddOn "Quicktext"
Using Thunderbird, Quicktext is a good tool to insert subject tags to messages for triggering PrivaSphere Secure Messaging.
Download standard PrivaSphere configuration file (xml)
tested with: 68.2.2 (32-Bit)
With PrivaSphere Secure Messaging all emails received can be delivered directly to the recipient’s inbox on its mail server.
The advantages are:
The decision whether PrivaSphere delivers the emails to the recipients servers is taken by the individual recipient.
Precondition is a SSL certificate installed on the server that passes preliminary validity tests by the PrivaSphere platform.
! Please have only mails delivered to a ‘normal’ email server if you are sure that the security of your server meets your security requirements for confidential messages!
PrivaSphere does not support this delivery service to free public mail services such as hotmail, gmx, gmail and others due to security reasons.
In ‘My Account’ there is a section ‘Domain mail server (TLS)’
If the user's email server presents a SSL certificate, PrivaSphere will ask the user to judge its appropriateness for delivery. This check is done for the first received email.
PrivaSphere presents the found certificate:
on email-server.com's domain mail server mail.domain.com, found - the following TLS-Server-certificate: OU=My Company, CN=*.domain.com, O=*.domain.com
The certificate can be viewed in detail or downloaded as file.
Shall PrivaSphere directly deliver your messages (encrypted with the above certificate)? Please choose one of the following options:
My confidential contents can securely be deposited into a server receiving mails encrypted with the above certificate.
Please ask later
I first have to check with my security officer/mail administrator.
Do not use this certificate
This certificate is not good. Perhaps a Man-in-the-middle attack? Possibly there are other good ones.
I prefer not to use this feature for my confidential e-mail.
After acceptance you will find the setting in ‘My Account’ - ‘Domain mail server (TLS)’.
Change the settings or switch the delivery service off.
There are two indicators to recognize the delivery of a secure email via asymmetric TLS encryption:
Text in the mail body:
PrivaSphere Secure Messaging inserts a warning in the mail body:
the information is also available in the mail header:
For more information about TLS encryption see:
Make sure that your server is actual and does not send any attachments and message text back without encryption ("bounce") in case of malfunctions or errors. Unless confidentiality is also important for your relationship, it is advisable for the rare cases of internal faults of your mail server to not use bounces but use other alert mechanisms.
Size restrictions on internal redirectsPrivaSphere Secure Messaging delivers mail s up to the size your accepted 'forefront' mail server accepts. If you set up forwarding, you must ensure that the conditions the same (or larger) size restrictions. Otherwise, large emails are not delivered.
For the domain (with domain integration or asymmetric TLS) delivery or ‘NoStore’ delivery of messages PrivaSphere Secure Messaging checks the maximum size of accepted messages on the receiving server to facilitate the successful delivery.
If the sent email is too big to be delivered it will be split to several partial mails which fit the server’s size restriction. Typically, each message share will contain the number of attachment that just still are likely to be accepted size-wise.
If a single attached file is even too big on its own to be delivered in one message share, it will be split in several ZIP attachments each being put into a share.
To put these files back together, the individual parts must be copied to a local directory to be subsequently assembled with a suitable program back together.
Several ZIP programs can handle split, encrypted ZIP files (as WinZip, 7-Zip and others).
The PrivaSphere signature and policy management offers a security officer the possibility to
Caveat: This service protects only the domain-to-domain relation. If you want to use the PrivaSphere value added services like 'misrouting protection' or initial authentication with MUC or eGov registered, you need to use the PrivaSphere main platform.
For security admins:
SHA256 as published by a domain admin (example):
As shown in PrivaSphere interface after pressing green OK button:
It's possible to 'grandfather' TLS configurations from an old certificate to a new one.
Outlook for Web version
Outlook.com and Mac versions are compatible.
For accounts integrated via IMAP, .Net Add-Ins are not supported by Microsoft Office 365. (Via POP3, accounts cannot be installed online in Office 365).
Outlook for Windows
- Outlook 2016 or later
- Only email addresses connected via IMAP or Exchange/O365 are installed in the same Outlook profile (condition for starting the new Outlook).
- The email account must be connected via Exchange or O365.
|address managed simultaneously in Outlook
|Use of add-in for address
If the .Net add-in is not an option for you, we recommend the previous version, the COM add-in. Development of this has been stopped, but it has the same functions.
In the new Outlook, under "Get add-ins", you can open the dialogue box for installing new add-ins.
If these buttons are not visible, you can activate them under View/Display settings/Email/Customise actions can be displayed.
If this is not possible either, the login dialogue box can be called up directly via https://aka.ms/olksideload for Outlook live.
There, under "My add-ins" below, you can install add-ins that are not distributed by Microsoft.The installation file is manifest.xmlThe next time Outlook is started, the add-in will be active.
a) Secure Sending
When you are writing a new e-mail, you can use the button under Add-Ins. Here you can select the functions under "Secure sending".
b) PDF Signer
The local "discrete" PDF Signer is also available in the tab. The Signer can access all the PDFs attached to the email.
Under Settings, you can save the default options for the next step.
The signatory asks for your PrivaSphere login. All other data is optional and allows you to configure your signature as you wish.You can place and scale your signature yourself.The "signature" then triggers your identity authentication with Mobile ID.Signed PDFs receive the complement "-sig" at the end of the file name.More information about signing PDFs here
c) E-Mail Check
Enter the address in the address field and press Verify. (The web application may ask you for your PrivaSphere login).You will then be directly informed whether the verified address is internal to the control address and whether it is identified for receiving eGov emails.You can find more information about checking e-mails here
Here, the various messaging options can be shown or hidden and the initial value of each sending option can be defined.
These options can be imposed at the organisation level, in which case they will not appear for editing.
b) PDF Signer
Here you can define all the default settings in the signer
It can often be helpful to know in advance whether a MUC will be triggered and whether you need to fill in one of the fields if you do not want to send the MUC to the recipient yourself. Or to ensure that a recipient can also receive an eGov e-mail.To do this, the function shows the status in a web query:
- The query is made for the Outlook user of the 'main account' entered in FROM
- The query is only possible from defined/fixed IP addresses of the user domain
- The query is only possible for defined user domains
- There is a query limit per PC and time unit (determined by means of the user's unique ID).
If this additional function is attractive to you and is not yet available, please contact us at
Phone: +41 43 299 55 88