Easy Email Encryption Using MDaemon and Virtru

The sheer amount of email that flows across the internet every day is staggering, but what’s all too easy to overlook is just how insecure this form of communication actually is.

Often email delivery is compared to traditional paper post in that there is an envelope containing a letter, there are senders and there are recipients. In reality, the comparison is much more similar to a postcard.

Aarrgh! Everybody’s watching! Freak out!

When you send an email, at every point on its path across the Internet, that entire message is freely accessible to anyone who feels the need to view it. This can be done without any indication to the sender or recipient, and may well be happening right NOW!

OK, I’m possibly being dramatic so let’s not get too paranoid! 90% of the time we’re not really sending anything that’s so private it would be devastating for somebody else to read, but have you ever sent information like bank account details, passwords and the like? I doubt you’d be too quick to send those on a post card.

Enter email encryption

There has always been a solution to this issue of security, and its encryption.

PGP ( Pretty Good Privacy) is the one you’ll often hear about, however, while this will protect the message and contents from prying eyes, historically I’ve always found it to be a real pain to configure properly.

Some people will make do with password protected document files, and email those. but this is not anywhere near as secure and lets face it, it still a pain, when you’re sending response after response in an email thread.

Virtru “Simple Email Privacy” 

Virtru is a third party hosted service that offer an alternative to the above. It’s one of a few hosted solutions of this type out there and we’ve found it lives up to it’s name. It really is simple, without compromising on the security side of things.

Exchange alternative, MDaemon Messaging Server now includes Virtru integration within its WorldClient Web Interface.

If you’re an Outlook user, you can also use Virtru via a simple add-on, plus there’s a web-based version and apps for iOS and Android should you want to read encrypted emails on the go.

Using Virtru within WorldClient

In order to start using Virtru Encryption within WorldClient you need to be running the ‘WorldClient’ theme.

Step 1 Open Settings by clicking on the cog icon

Step 2 Choose Compose Options

Step 3 Enable Virtru Support under the compose Options and choose Save

Step 4 MDaemon will now initiate and manage the registration process, this usually only takes a few seconds …

Step 5 Virtru is now set up. To use, simply compose a new message and tick the small ‘V’ icon.

Step 6  On sending the message, you should see an encrypting symbol, which should only hang around for a few seconds…

How does Virtru secure messages? I haven’t even created a password

Virtru uses a very clever key management system that only requires a one time verification process using your email address.

In basic terms..

Step 1 A user starts to use a Virtru client, at which point they must first register with the Virtru servers by passing their email address.

Step 2 Virtru generate a one-time response email.

Step 3 The user receives this email and the Virtru Client automatically uses the data it contains to verify the account.

Step 4.The user is now verified with Virtru and is assigned an encryption key to be used for the next message to be sent.

The important bit here is that every time a message is encrypted, a new encryption key will be assigned and used.

On receiving a Virtru encrypted email, the recipient is invited to register their email address and then can either decode the message within a browser window or choose to install one of the various Virtru clients.

The Outlook Add-on

As well as the WorldClient Integration for MDaemon, Virtru also provide additional add-ons for Clients including an excellent Outlook add-on that works great alongside MDaemon’s Outlook Connector.

The add-on is very simple to use and once installed, simply needs the user to go through a quick account verification to confirm the email address is valid.

Along with the ability to encrypt individual emails within the Outlook add-on you can also select what text to send within un-encrypted personal Introduction section of the email and also whether to allow forwarding and whether the message should expire after a set time. Its worth noting these features are free for 14 days after which the paid for pro version of Virtru is needed per account.

Virtru Clients are available for a range of Platforms including Outlook, Chrome,Firefox,IE 10+,Safari,iOS 7/8, Android 4.0+ and Mac Mail.

Click here to download any of the clients

What’s in the “Pro” version?

The Virtru Integration currently provided by MDaemon only requires the basic free Virtru account, and so new accounts are created automatically as needed for each email address in MDaemon that has the option enabled.

This works really well, but there are additional features that Virtru offers that can be unlocked if you choose to upgrade your account with Virtru Directly.

These include the ability to revoke existing email, control whether an email can be forwarded by the recipient, set email expiration dates and more.

By default all Virtru accounts get these Pro features free for 14 days at which point they revert back to the basic free offerings.

I hope you found that a useful post, I think it’s likely Alt-N will be evolving this integration further so I’ll no doubt be back shortly with more information around what they have planned.

If you have questions or feedback, feel free to use the comments below.

4 thoughts on “Easy Email Encryption Using MDaemon and Virtru

    • Hi there – it works fine with Outlook too actually but I think you might have missed the section of the blog post which covers it.

      For info, have a look at the section entitled “Outlook Add-on”.

      Thanks!

  1. What happens if I need to access emails 10 years down the road without Virtru being there anymore, or if Virtru has been compromised?

    • Hi Alex,

      Yes this is something you have to take into account. Once you encrypt a message with Virtru you need Virtru to decrypt it every time in the future, so yes the services need to be working and your account valid. Its worth noting using Virtru also this effects your archiving policy, so you need to consider if you allow users to encrypt or not on that grounds as well

      I think you have to think of encrypted emails as only having a short term lifespan, they are more like secure chats with no guarantee to be viewed by other people in the future. In allot of business cases I can understand why you would not want users to encrypt email client to client, and would simply reply on server to server encryption like TLS to protect the mail flow from prying eyes.

Let us know what you think....

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s