This is the list of emails filtered the previous day that were intended for your mailbox. We call this email the “daily summary”.

The list is smartly sorted according to relevance, so it is sufficient to check only the top emails. These are listed under “Please check” are listed. E-mails that SecuMail® has classified as spam with sufficient certainty can be found under “NOT visually inspected“. The further down an email is listed, the more secure SecuMail® was when filtering it.

As a user, you can also check filtered spam mails yourself and forward them to yourself. For this purpose, the daily summary contains a “Check e-mail” button. This will take you to the SecuMail® web (without further login). There you will see a preview of your e-mail and have the option of resending it after a visual check and automatically exempting the sender of the e-mail from the spam filter (whitelist).

Please note that this whitelist only applies to the spam filter. This exemption has no influence on security-relevant filters. Emails that have been filtered for security reasons cannot be forwarded via the daily summary. Please contact your administrator.

You are welcome to read our blog article “Redesign: What the new daily summary can do” and see the advantages of the new daily summary.

Do you suspect that an important e-mail has been filtered by SecuMail® and can’t wait until the next daily summary to be sure or to forward the e-mail?

In this case, you can use the “Request real-time summary” button to have a provisional daily summary for the current date sent to you from a previous daily summary.

In all other cases, your IT department will be happy to help you. Your admin can use the SecuMail®-Web search function to find your missing e-mail and forward it to you immediately if necessary.

The instant notification is an e-mail sent by SecuMail® to SecuMail® customer users. It is generally sent when a potentially dangerous file is found in an attachment of an e-mail to be checked. If the attachments have characteristics of possible attack vectors, e.g. macro code, they are filtered by SecuMail® as a precaution, even if no malware has been directly detected by the virus scanners. Files such as .vbe, .bat or .docm are often filtered as a precaution. Since it is possible that the e-mail is nevertheless important for the recipient, the recipient will be informed of the filtering and could have the e-mail forwarded by their administrator as quickly as possible. In the following cases, no immediate notification is sent:

• This is a file type that currently or generally contains mainly viruses.
• The recipient has already received five instant notifications of the same filter type on the same day.

Manual scanning is not necessary. When an e-mail is forwarded, it is checked again by the virus scanners and, if necessary, the forwarding process is aborted if the current signatures strike during the second run. SecuMail® generally has all e-mails checked by two virus scanner engines. In the event that a virus scanner strikes, the corresponding output is displayed both in the daily summaries and in the SecuMail® web for the administrator. All mails that have been filtered by a virus scanner due to a virus detection can generally not be forwarded. Mails that have been filtered due to a forbidden attachment, such as a .vbe, but none of our virus scanners have found a virus, either do not contain a virus or do not contain a virus that could be detected by virus scanners at time X. In both cases, it is hardly necessary to use another virus scanner. In the case of current ransomware, the probability of a virus scanner detecting its macro in the mail is frighteningly low. In unclear cases, we recommend asking the sender (if they are known) whether they sent the email. For unknown senders, we recommend using the trash can.

You receive several daily summaries because you have several e-mail addresses. You can prevent this by sending an e-mail to support@secumail.de sendin which you provide us with the relevant e-mail addresses as well as the e-mail address to which the “bundled” daily summary should be sent.

Would you like to have the daily summaries for existing standard addresses (e.g. info, contact, support) sent to just one person who is responsible for processing them?

Please send us an e-mail stating which addresses are to be combined and to which other address they are to be redirected. Each e-mail address can be redirected once or added to another. The content is always merged at the end so that each address only receives one report.

SecuMail®-Web is the web portal for administrators and users. It provides various options for accessing the e-mails processed by SecuMail®, in particular those that are in quarantine because they have been filtered. The available functions include

• E-mail search
• E-mail preview
• Information about the filter status of an e-mail
• Forwarding
• Statistical information
• Maintaining the valid address filter list

Every SecuMail® customer receives access to the portal. This is intended for the IT administrator(s) and should not be passed on (to users) for security reasons. https://web.secumail.de

If you have any questions about using SecuMail®-Web, the SecuMail® team will be happy to hear from you.

A daily summary is sent to every email address for which at least one email was filtered on the previous day. If nothing was filtered, no daily summary is sent. If the daily summary contains only virus messages, it will also not be sent.

No, that is not necessary. The filtered e-mails are sorted according to spam probability. First of all, under “Please check” the mails where SecuMail® was not quite sure whether it was really spam are listed – the very clear spam can be found under”NOT visually inspected“.

This means that only the top mails are relevant when searching for incorrectly filtered mails (false positives). As a rule, you do not need to check all other emails.

You can easily delete a spam e-mail using the “Check e-mail” button and send it to yourself.

This is not the case. SecuMail® has no influence on the activities of spam senders.

However, if you have the feeling that you are seeing a larger number of filtered spam mails in the daily summaries than with the old spam filter, there may be two reasons for this:

1. SecuMail® finds and filters more mails than the old filter.
2. The old filter only listed some of the filtered spam. In contrast to other (cheaper) filters, SecuMail® first accepts almost all mails and then takes the time to inspect them in detail (takes approx. 5 seconds). This is why all filtered mails are listed in the daily summary. Other filters often reject mails immediately, based on the first signs during transmission. These (possibly prematurely) rejected mails then no longer appear in the listing.

For security reasons, the forwarding of emails with potentially dangerous attachments that can be executed on Windows is reserved for the administrator. The administrator has a trained eye and the necessary knowledge to decide whether a file can be forwarded. For example, many Trojans use fake sender addresses of business partners or customers known to them in their attacks in order to gain trust.

If you discover an e-mail in your daily summary or an instant notification that you still need, please send the SecuMail® e-mail ID specified in each case (example: 1508250600293619_22412_sc03.secumail.de) to your admin with a request to check and forward it. As a user, you can forward all emails that have been filtered due to spam yourself via the daily summary.

Yes, we are very grateful for the cooperation of our customers. If you discover a spam e-mail that seems to slip through frequently, please inform your e-mail administrator. They will forward the mail to be checked to us. We will then promptly ensure that this spam mail is filtered in future.

Read here how the administrator sends the e-mail to SecuMail^® can be forwarded.

SecuMail® sends a notification e-mail to the recipient for every e-mail that is filtered due to unauthorized attachments, mail size or corrupted archive files. This immediate notification is not sent for filtered virus mails and spam. All filtered emails from the previous day are listed in the daily summary, which is sent to users every morning.

The mail archives of the filtered e-mails are stored for 28 days.

This instant notification e-mail itself is of course not spam. There are two reasons why you are receiving this e-mail:

• Executable files are filtered across the board because they could contain viruses (see FAQ Why are executable files filtered across the board?).
• Via filtered (retained) executable files you always receive immediately a notificationas these could also contain desired code – and you want to know this immediately so that you can have them sent to you if necessary.

Business filter customers can also deactivate this instant notification. No more than five instant notifications are sent per user and filter reason in one day.

SecuMail^® contains several filters that check files in the attachment for certain file types and block potentially dangerous types. These include the following:

• The Extension filter only checks the extension of the file and ensures that files with extensions such as .pif, .reg, .exe, .vbs, .bat, .js etc. … are blocked.
• The Exe filter is a bit smarter and looks inside the files, so that (especially on Windows) executable files are recognized as such and blocked regardless of the file name/extension.
• The intelligent Macro filter is even smarter and finds macros embedded in file attachments, among other things. Ransomware is often hidden in old MS Office files such as .doc or .xls.

Like most SecuMail^®-Components, these filters can also be deactivated in the configuration for a customer. In the case of the exe/extension filter, however, this is expressly not recommended, as only the exe/extension filter is able to detect email worms, which are very often contained in executable files, before the virus scanner manufacturers can issue suitable signature updates. If such files are filtered, you as the recipient will always receive a notification immediately. The exe/extension filter is therefore a very efficient, useful and necessary addition to the virus scanner. Ransomware viruses in particular like to hide successfully from virus scanners in file types such as .docor .js. These viruses can only be reliably detected by the exe/extension filter.

No. Please use the unsubscribe function of the newsletter. Newsletters must never be classified as spam by SecuMail®. Even if you have never actively subscribed or find the newsletter annoying, it makes sense and is necessary to “unsubscribe”. We can only classify the mail as spam if the unsubscribe link is clear and permanently without function. Of course, caution is advised with every link. As a rule, unwanted newsletters can be reliably unsubscribed from, which is why this is the simplest and most effective solution for you as a user. You don’t have to worry about your e-mail address being spread among spammers with every unsubscribe link you click. Because if it really was spam and not a “real” newsletter, then your address was probably already known to the spammer beforehand.

Based on the differentiation of spam e-mails, for which a visual check is recommended, the SecuMail® daily summary has additional e-mail headers that enable automatic sorting.

The “X-Mailscan-Summary-LowestSpamScore” header contains the lowest spam score contained in the daily summary. This enables individual automatic sorting so that only the daily summaries that are actually relevant end up in your email inbox.

In addition, the header “X-Mailscan-Summary-OnlyHighScoreSpam” provides binary information as to whether this daily summary contains spam emails that should be visually checked. This header takes into account the individual threshold values in your customer configuration.

As in RFC1123 described above, all e-mail servers operating on the Internet must ensure that the addresses used within the header attributes (“From:”, “To:”, “Cc:”, etc.) correspond to the addresses specified in RFC822 meet a defined standard and have a correct shape.

Header entries such as “Cc: Peter” are therefore not permitted and are therefore converted to “Cc: Peter@invalidaddress.secumail.de” by the SecuMail® servers.

Classification of the filter levels in the daily summary:

The daily summary contains three categories (spam, files, viruses).

The e-mails are assigned to a specific category depending on the filter level:

1. Spamlevel 2
2. Fileslevel 4, Level 6, Level 7
3. Viruseslevel 9

More details:

Call us on 08171-246920 or send an e-mail to the SecuMail® team (support@secumail.de). You will receive all the help you need from us at first hand.

Your mail server must be configured for SecuMail^® not be specially adapted. It is also not necessary to install any additional software. SecuMail^® is activated via the MX entry in the DNS of your email domain. SecuMail thus filters^® already removes your unwanted e-mails and only sends the “good” ones to your existing mail server. The following points should then be clarified:

• Your mail server should be operated exclusively by SecuMail^®-Servers to prevent spam from being sent to SecuMail^® be delivered to you. (See FAQ entry for details)
• Your server should not perform any anti-spam measures. In particular, any existing SPF check MUST be deactivated

Naturally. Many of our customers secure their cloud services with SecuMail. Especially with Microsoft 365, (additional) protection against spam and malware is advisable, as the functions provided are very rudimentary. If you have any questions, please do not hesitate to contact us. + 49 (0) 8171-246320 / support@secumail.de

To find out more, please read our blog article ‘SecuMail and Microsoft 365 – a strong team’

Regardless of whether you operate a dedicated mail server or use a cloud service, SecuMail is integrated via the MX record.

Activating SecuMail is very easy in three steps – without Installation of additional software or special configurations of your mail server.

Simple in just a few steps:

1. Change the DNS server of the domain Assign MX recordso that it refers to SecuMail.
2. The SecuMail server to the IP-Allow/Spamfilter-Whitelist set.
3. Store the list of e-mail addresses with SecuMail.

When introducing Microsoft 365 / Office 365, the MX may have to point to Microsoft 365 / Office 365 for a short time, but can then be switched to SecuMail immediately.

If you have any questions, please do not hesitate to contact us. + 49 (0) 8171-246320 / support@secumail.de

To prevent greylisting and ensure the smooth receipt of emails from the SecuMail servers, you will find the following options in the “Microsoft 365 Defender” interface under https://security.microsoft.com/antispam the option “Connection filter policy (standard)“. You can then click on “Edit connection filter policy” the SecuMail networks to the connection whitelist. With this setting, connections from the SecuMail IPs of MS365 are accepted in any case and there are no additional checks or delays such as greylisting.

To additionally deactivate the MS365 spam filter and ensure the smooth receipt of emails from the SecuMail servers, set up the following in the Exchange Admin Center under  https://admin.exchange.microsoft.com/#/transportrules the following:

Navigate to “E-mail flow” and select the sub-item “Rules” off. Add a new rule via “+ Add a rule” and then select “Create a new rule” .

In the first dropdown, select “The sender” and for the second dropdown “IP is in one of these ranges or exactly matches“.

Then enter the information described in our FAQ SecuMail IP network areas to.

Under “Proceed as follows”, then select “Change message properties” and “Set SCL (Spam Confidence Level)”. Set the SCL value to “Bypass spam filtering”.

The finished rule then looks like this:

You use Microsoft 365 mailboxes with SecuMail filters and would like to create an automatic synchronization of your mail address list with SecuMail (valid address list). To do this, create a new app in your Azure Admin Panel and let us know the keys you have created.
All addresses (and only the addresses) are then automatically imported daily by Microsoft, so that no manual entries are necessary in the portal.

You can obtain the instructions from our support team at support@secumail.de or download them from the portal if you already have access.

When using our SecuMail filter in conjunction with Microsoft 365, we recommend creating a corresponding firewall rule that only allows incoming emails from the SecuMail IPs, just as with on-premise environments. This ensures that the SecuMail filter cannot be bypassed by sending spam directly to MS365. If required, this rule can of course be supplemented by your own internal or external systems.

You can make the necessary configuration in the Exchange Online Admin Center under “Email flow” -> “Rules” here make.

There, click on “Add a rule” -> “Create a new rule”.

Then make the following settings, as also shown in the screenshot:

Name(any, e.g. “Allow incoming emails only from SecuMail IPs”)

Apply this rule if: The sender is external/internal. The sender is located ‘NotInOrganization’.

Proceed as follows: Block the message. Reject message and insert explanation. Reject message with explanation: (any, e.g. “Blocked by custom ms365 mail flow rule”)

And: Block the message. Reject message with extended status code: ‘5.7.1’

Except when: The sender. IP is in one of these ranges or matches exactly:
The IP address of the sender is located in the area: (Insert SecuMail network areas: https://www.secumail.de/f-a-q/#1509011751766-d54bf2b1-bc78. Can be supplemented with your own IP addresses, e.g. from external service providers or systems, if required)

Control mode: Force

Call us on 08171-246920 or send an e-mail to the SecuMail® team (support@secumail.de). You will receive all the help you need from us at first hand.

Before:

meinedomain.de.   IN MX 10 mail.meinefirma.de.

(or similar, there may be several entries)

After:

meinedomain.de.   IN MX 10 mx-a.secumail.de.
                  IN MX 10 mx-b.secumail.de.

Please note the point after secumail.de!

Note: most hosters require the dot. However, some hosters set it themselves and prevent it from being set manually.

Important:

• Equal priority of mx-a.secumail.de and mx-b.secumail.de.
• Dot at the end of mx-a/b.secumail.de.
• No other MX records, only mx-a/b.secumail.de.
• The original mail server must remain unchanged.

If two entries (mx-a… and mx-b…) with the same priority are not possible for technical reasons, the following single entry is also permitted as an alternative:

meinedomain.de.   IN MX 10 mx.secumail.de.

Please also note the point after secumail.de!

Note: most hosters require the dot. However, some hosters set it themselves and prevent it from being set manually.

The IP addresses of the Secumail^®-Servers originate from the following networks:

212.11.224.0/24 (212.11.224.0/255.255.255.0)

212.11.225.0/24 (212.11.225.0/255.255.255.0)

212.11.240.64/27 (212.11.240.64/255.255.255.224)

If possible, you should configure your mail server so that only emails from servers from all three listed SecuMail^®-IP networks and rejects other SMTP requests from the Internet. Of course, IPs from your internal network, branch offices, field staff and home offices should also be taken into account.

To do this, you have the SecuMail^®-Receive support access data (name / password). You set up a smarthost on your mail server and authenticate it with the user name and password you receive.

You set up a send connector for Microsoft Exchange servers. In this documentation you will find details on setting up Exchange: Set up Microsoft Send Connector

SecuMail^®-Relay for outgoing e-mails: relay.secumail.de

For customers who use SecuMail^®-Encryption for S/MIME encryption and signing, this relay is mandatory: enc.secumail.de

Please observe the following instructions for the careful use of the relay:

• The SecuMail^®-Relay scans all emails for viruses. In the event of an infection, the e-mail is not forwarded (bounced).
• Avoid sending emails to undeliverable or non-existent addresses (especially emails from automated systems such as CRMs etc.)
• Do not send mass mailings via SecuMail^®. There are specialized service providers for newsletter services.
• This service is optimized for forwarding the outgoing mails of your employees (and customers at SecuMail^® Whitelabel). Please do not activate any automatic systems for sending mass emails.

If you have any further questions, please contact our support team: + 49 (0) 8171-246320/ support@secumail.de

The list of your e-mail addresses (valid address filter) can be sent to SecuMail in three different ways^® reach:

1. Manual maintenance via SecuMail^®-Web. The method of choice for smaller customers with up to approx. 150 addresses.
2. Automatic address list import. Larger companies can use SecuMail^® provide a download (http or ssh) of the address list. An export by means of a direct LDAP query by SecuMail^® is possible.
3. Automatic validation via SMTP requests (AutoVAF). This method works completely automatically, provided your mail server can deliver the user information via SMTP. Please ask the SecuMail^®-Support by details. This option is only available for SecuMail^® Whitelabel available.

We will be happy to help you make the right choice.

Yes, absolutely! Any SPF check on your own server MUST be deactivated, otherwise emails could be lost. Only the “first mail server in the chain” is allowed to check SPF. This is an unchangeable feature (a disadvantage) of the SPF standard. This involves checking the SPF properties of incoming emails as an anti-spam measure. If your own domain has set an SPF record, this can of course remain in place. If you use the mailout of SecuMail^® please remember to include this in your SPF settings.

• pbwbxzr@meinefirma.de (“letter salad”)
• thomasbx@meinefirma.de (Names with strange letters)
• katie@meinefirma.de (real, mostly English first names) – …

It is possible to create your own whitelists. You can find instructions on how to do this here.

You may have customers or business partners who need to send you emails with executable files attached at regular intervals. Such emails are regularly blocked by the extension filter as they contain potentially usable attack vectors. They must then be blocked by you as administrator via SecuMail^®-Web can be forwarded. For these cases we offer, exclude individual e-mail aliases from the extension filter to leave. Registered e-mail aliases will then no longer be blocked if you have attached files that contain potential attack vectors. The spam and virus filters remain active. We recommend this setting for individual e-mail aliases where a large volume of e-mails with corresponding attachments is expected. We would like to clearly point out that this Whitelisting this is also accompanied by a moderate reduction in security. Talk to the SecuMail^®-Team if you have any questions.

Yes, we also offer a package for audit-proof and GoBD-compliant email archiving. Our SecuMail^®-Archive is like the SecuMail^® Email filtering service is a cloud service that we provide in our data centers in Munich and Frankfurt. We would be happy to introduce you to SecuMail^®-Archive in person: + 49 (0) 8171-246320 / angebot@secumail.de

Naturally. The encryption, decryption and signing of your e-mails is provided by the SecuMail package^® Encryption in the form of a customized cloud solution from our company. Both packages can be activated individually or together to protect your email communication. Find out more at angebot@secumail.de or call + 49 (0) 8171-246320!

SecuMail^® checks the executability of attachments and filters all corresponding mails. In addition, the following file types are generally filtered:

SHB, SHS, DOTM, CPL, VBA, JSE, WP01, XXE, VBE, MSI, SCR, XMLT, wp03, UDF, SCF, DOCM, cab, MSC, ACE, VBS, CMSOFFICE1, RM, HLP, BAT, COM, wp02, ADP, RTF, ISO, CLASS, REG, WSC, cab2, WFS, LNK, INS, CHM, CLS, URL, JAR, INF, OCX, WSH, BAS, VB, MST, BIN, ADE, SCT, XLSM, STUBE, RT, EXE, HTA, XLAM, CDFV2ENC, CMD, WSF, PIF, CLA, PS1, JS

This list is regularly updated by the SecuMail^® Team.

Additional settings can be configured for you personally.

To enable the encrypted transmission of incoming and outgoing emails, your local mail server requires a corresponding SSL certificate. As soon as this has been installed correctly, communication between your mail server and the SecuMail^® Filter cluster encrypted.

If supported by the communication partners, SecuMail uses^® always uses an encrypted connection for the transmission of emails. If required, an encrypted connection can also be enforced for individual communication partners. Please simply ask us about this!

Possible sources of error when setting up STARTTLS:

• Incorrect SSL certificate integrated: Please check the DNS name and the alternative DNS names (Subject Alternative Names) of your certificate. The host name of your mail server should be included in the certificate.
• Microsoft Exchange Server, certificate incorrectly integrated: Make sure that the correct SSL certificate is stored for the relevant incoming and outgoing SMTP connectors.
• Problems due to firewall or security gateway: Some firewall and security solutions interfere with incoming or outgoing connections in the standard configuration and thus prevent encrypted SMTP connections (e.g. WatchGuard). You should therefore check the settings of your firewall and compare the SMTP banner, for example, in order to identify a possible intervention of the firewall in the SMTP connection.

SPF records help the mail servers to recognize emails that they send themselves as Non-spam to identify you. It is also easier to detect emails that use forged sender addresses from you. If you use our mail server relay.secumail.de as a mail gateway for your outgoing emails, you can set the following text record in the DNS of your domain:

ihre.domain.de   IN TXT   "v=spf1 include:spf.secumail.de -all"

The entry stipulates that only the SecuMail^®-Server to send emails on behalf of your domain. This SPF record can of course be supplemented with additional parameters of your own. For example, if you use your own mail server to send emails or if there is an external web server that also sends emails. If you already have an SPF record, please add to it:

include:spf.secumail.de

without setting a second TXT record. This is helpful SPF generator: http://www.spf-record.de/generator Notethe SPF standard has some serious side effects and is not uncontroversial. For example, redirects to external addresses (other domains) are virtually prevented. We nevertheless recommend using SPF, provided that the possible effects have been carefully examined. If you have any questions, please contact support@secumail.de.

Important: To achieve complete protection against address forgery, which also takes into account the important mail headers, we also recommend creating a DMARC record: Set up DMARC record.

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a mechanism for verifying emails and combating phishing and spoofing. It uses existing technologies such as SPF and DKIM.
This is a TXT record in the DNS of your mail domain, which can be set optionally.

You can use this DNS entry to prevent external emails from disguising themselves with internal or third-party sender addresses. This procedure is often used in CEO fraud or spoofing emails. It is intended to create trust with the recipient by making the email appear to come from an internal colleague. The sender headers are simply forged for this purpose. Since there are numerous and sometimes well-known services on the Internet that use such header spoofing for their own reasons, spoofing cannot be filtered in general, but must be defined separately for each domain in the form of the DMARAC entry.

This is done by means of a DMARC record in the DNS of the sender domain (your domain). DMARC then initiates that:

• the From header of a mail from you must also follow the SPF guidelines. DMARC therefore only works together with a SPF record. This defines the servers from which your mail domain may be sent. In this way, forged senders can be blocked.
• Alternatively, if Header-From and Envelope-From cannot be “aligned”, the DMARC entry also accepts mails whose headers have been signed with a DKIM signature.

How is a DMARC record created?

As with the SPF, a TXT record named “_dmarc.” of your domain:   _dmarc.mydomain.com
The following entry is recommended by us and works perfectly with SecuMail:

v=DMARC1; p=quarantine; pct=100; adkim=r; aspf=r

or create your DMARC entry yourself:
https://powerdmarc.com/de/power-dmarc-toolbox
https://dmarcian.com

Further information on DMARC:

Info: https://de.wikipedia.org/wiki/DMARC
Set SPF: https://www.secumail.de/f-a-q/#1489262272575-af5fa3ea-c5da

With SecuMail Filter Plus, we also offer the additional CEO fraud filter. This must be specially configured and tailored to each customer.

What does the CEO fraud filter help against?

The filter recognizes emails that use known names of employees in management positions to “gain trust”.
Example of a sender of this type:  “Peter Müller” <jemand@woanders.cn>   
Peter Müller is the correct name of the managing director of his own company.

How does the extended CEO fraud filter work?

The principle is simple. You create a list for SecuMail with the surnames and first names of selected employees in exposed positions, e.g. managing directors from HRG, accounting/finance, etc.. Mail addresses with these names (not addresses) are then blocked if they come from outside. Only the name of the address is checked and not the address itself.   “Peter Müller”

How is the filter set up?

The list of “exposed persons” should be as short as possible and only include really “important” colleagues.
For each entry, please enter the email address(es) that are allowed to use this name in the sender address. All other mails that have the name in the sender but whose sender address is not listed (together with the name) will be filtered by the spam filter. Mails filtered in this way can normally be forwarded by the administrator or via the daily summary. The list is then incorporated into the system by us.

The list should look like this:

First name; Last name; [optional: e-mail addresses that are allowed externally with this name, if available]
…

Note: We are currently unable to map all employees, as we have to reckon with manual readjustments.

The term “ransomware” stands for malware that potentially causes major damage to infected computers. In most cases, hard disk data is encrypted in order to extort a ransom. The term says nothing about the type of distribution. At present, most ransomware malware is not actually sent by email. Only very simple mechanisms are transported in the emails, which are intended to reload the actual virus on the target computer from the Internet. The reload is usually activated by the user opening a document file. This macro code is often sent by e-mail in the following files:

• MS Office files such as .xls, .doc, .xlsm or .docm. (e.g. Goldeneye, Teslacrypt …)
• Javascript files such as .js, .jse or even in .html. (Locky etc.) – .vbe, .vbs, .exe, .bat …

SecuMail^® carries out a whole range of measures to prevent the transmission of such malware. Signature-based detection is completely inadequate. That is why SecuMail^® specialized in the filtering of attack vectors. Emails that contain a usable attack vector are generally filtered without the need for explicit proof of malicious code.

Examples: SecuMail^® filters file types that are rarely wanted in emails and are often contaminated with malware. These include .js, .jse, .exe, .bat, .scr, .vbe, .lnk  etc. For file formats that are frequently used, blanket filtering would be too restrictive for users, so files such as .doc and .xls and only filtered if they contain a macro. This blanket filtering is not suitable for the Principle of a conventional firewall policy in which a proactive distinction is made between desired and undesired content. In accordance with the policy, desired content is forwarded and undesired content is blocked.

The SecuMail^®-Team is constantly working on the current optimal security policy for all SecuMail^®-Customers and automatically implements all necessary measures and changes in the respective SecuMail^®-Settings. You must therefore not react to current threats yourself, e.g. by adjusting your settings.

First SecuMail checks^® only your incoming mails. Outgoing mails are not affected for the time being, but can optionally be blocked via a SecuMail^®-Relay be sent.

You can select outgoing e-mails:

• send it yourself (problems with MX or SPF settings are not to be expected)
• via SecuMail^® Send relay (please adjust your SPF entry)

The SecuMail^®-Relay service (relay.secumail.de) is optionally available to you. Every e-mail is checked by a virus scanner. The service is distributed across two locations and is redundant. Please ask us about the relay prices.

How do I set up the SecuMail^®-Relay in?

SecuMail^® only accepts emails whose destination addresses are known. All other emails are rejected via SMTP reject. As a result, an undeliverable message is generated to inform the sender. If you require evaluations or log extracts, the SecuMail^®-Team (support@secumail.de) with pleasure.

No. SecuMail^® does not change the content of emails. E-mails are either filtered in their entirety (and forwarded later if necessary) or delivered unchanged as soon as possible. In our view, removing viruses from e-mails is not sensible and involves high risks. The e-mails are only changed at a few points that are technically necessary and invisible to the user (e.g. header). In addition, no copies of e-mails that have not been filtered are archived by us or stored temporarily for longer than until they are delivered.

The SecuMail^®-Servers save all emails that could not be forwarded to the target server and retry to deliver the email at regular intervals. Only after approx. five days would such emails be deleted from the server and an undeliverable message be generated. If you expect a longer downtime of your mail server, please contact us to discuss alternative options.

When forwarding an incorrectly filtered e-mail, simply activate the “Do not filter this e-mail in future” checkbox. Emails from exactly this sender will then no longer be filtered as spam. The sender address is automatically written to a white list. Active maintenance of white and black lists is not possible with SecuMail^® is not usually necessary. If you as an administrator nevertheless require sitewide lists or would like to use existing lists, the SecuMail^®-Team will arrange everything necessary for you (support@secumail.de).

Under certain circumstances, yes. Spam senders in particular remember after changing the MX settings, e.g. after switching to SecuMail^®they like the old MX servers. They expect the “old way” to use fewer anti-spam measures against them. The mails are then still delivered directly to your mail server and have the SecuMail^®-Server never happens. To prevent this, we recommend that you secure your mail server so that it only accepts SMTP connections that originate from the SecuMail^® IP networks. (See FAQ: Which network areas do I have to activate…) In some cases this is not possible, e.g. if you use your e-mail with a hoster with a multi-domain e-mail server. In these cases, the number of “emails sent to SecuMail^® the number of e-mails sent “by” is reduced to almost zero after a few weeks.

Not all e-mail addresses are the same! There are two types of email addresses in an email:

Address in ‘Header’

• appears in the source text of the e-mail in the e-mail headers From:, To, Reply-To: etc.
• Is displayed by the e-mail program as the sender or recipient address etc.
• Is checked by the spam filter whitelist.
• Is not the actual destination of the delivery (for To:).
• Is not or only partially set for newsletters or mailings with BCC addresses.

Address in ‘Envelope’

• The envelope addresses ensure that the e-mail is actually delivered.
• They cannot be found in the source text of the e-mail, as the mail servers do not transmit them after delivery, so they are not displayed in e-mail clients.
• As only the envelope data is relevant for the delivery of emails, these are also used as sender and recipient addresses in the SecuMail^®-Daily summary and SecuMail^® Web and may therefore differ from the addresses displayed in the e-mail program.

SecuMail can of course^® you can also deactivate your own quarantine function and deliver ALL mails after the check. Some mail headers are added to the mails, which can also be used to easily sort them out locally.

The following headers are set:

• X-SecuMail filter level: 0,2,4,…
• X-SecuMail-Quarantine: yes/no
• X-SecuMail spam score: (SA score)
• X-SecuMail spam check: (none/ham/unsure-ham/unsure-spam/spam/definitely-spam)

These headers are always set. Even if, as is usually the case, the SecuMail quarantine is active.

Please note that not all checks are always carried out for load reasons. The scan starts with the highest prioritized level (virus). If a virus scanner finds a virus in a mail, no further or lower-priority checks (e.g. spam filter) are carried out, as they cannot change the overall result.

SecuMail^® delays emails by less than 6 seconds on average. If there are still significant delays, there may be several reasons for this:

• Mails with larger attachments require more time for transmission and the filtering process.
• Unusual load peaks (e.g. due to attacks) on the SecuMail^®-In rare cases, clusters can delay delivery by a few minutes.
• Greylisting” spam filter technology. See also “What is greylisting?” (Greylisting is used by SecuMail^® only applied in very few special cases)
• The chain of servers and network components used to transfer e-mails from the sender to the recipient is different in every (company) network. SecuMail^® is only one link in this chain, so delays can also be caused by external components.

Please contact the SecuMail^®-Team, should you notice any irregularities in any form (support@secumail.de).

No, with very few exceptions.

Greylisting is a form of SPAM prevention that already takes place during the SMTP connection of the mail server. E-mails are initially blocked on first delivery and only accepted on further delivery attempts. This procedure is intended to prevent the acceptance of e-mails sent by “sloppily programmed” e-mail programs on the Internet. These are often used by spammers and malware senders in so-called “botnets” to send thousands of emails. In the event of difficulties or delays, the transfer of individual emails is quickly abandoned and not attempted again in order to send as many emails as possible in the shortest possible time. “Real” mail servers, on the other hand, are much more robust and make several delivery attempts until the email is delivered. Greylisting exploits this difference in mail servers by delaying emails from unknown sender/recipient combinations, meaning that many spams are not even accepted.

The Disadvantage of greylisting is a delay of at least 15-40 minutes for “first contacts” – depending on the configuration of the sender’s mail server. We are convinced that this delay is an unreasonable disadvantage for the e-mail user. We have therefore decided Do not normally use greylisting. If you are a SecuMail^®-Customer has problems with delays caused by greylisting, please contact us.

NotesecuMail^® activates greylisting dynamically in rare cases! The technology is only used for emails that originate from servers that do not meet the usual criteria of a mail server (e.g. correct DNS entry of the IP address, etc.). Emails from “normal” mail servers are excluded from greylisting and are not delayed!

A whitelist entry only prevents filtering based on SPAM criteria. Security-relevant reasons for filtering, such as viruses or executable files, are not affected by this. The SecuMail^®-However, Team can also activate sender addresses for this type on request.

SecuMail^® has a central, highly adaptive analysis system. It learns with every e-mail it processes and presents the information gained in the SecuMail^®-Cluster in real time for further use and filtering. This makes SecuMail^® automatically adapts to the spam traffic of your individual spam volume over time.

You are used to managing a large number of settings from other service providers. SecuMail^®  only offers settings that you actually need, because security is the task of SecuMail^®-Teams. Sit back and relax while we adjust and optimize your filter settings every day. Of course, you have the option of having your settings customized at any time.

Unlike other providers (such as MS 365), SecuMail is^® complete. We do not offer a self-service web portal, but a full service.

No. The SecuMail^® E-Mail-Filterservice can only filter all addresses of an entire domain (e.g. my-company.com). If you only use a single e-mail address, SecuMail^® unfortunately cannot filter these directly (e.g. mustermann@gmx.de). If you have your own e-mail domain, you can have SecuMail^® and forward your previous e-mail address to them.

Virus scanners generally have inadequate protection against email malware, as they only detect viruses when they are known to the virus scanner manufacturer and a signature update has already taken place. Preventive filtering of all file attachments that contain a potential attack vector is therefore necessary. E-mails that are incorrectly filtered due to this issue can be deleted by the administrator in the SecuMail^®-Web and use their trained understanding to decide whether they can forward the email. Office documents containing macros are most frequently affected by this.

Contact the SecuMail^®-Team if individual email connections are to be excluded from this filtering. This may be necessary in individual cases, e.g. if a customer or business partner sends regular or automated emails with problematic attachments and it is not possible for them to switch to a secure format.

Most spam mails are sent with forged sender addresses and would therefore have a different address the next time they are sent.

Unfortunately, the existence of spam or email malware has not been built into the email standard. Therefore, there is no technical way to clearly distinguish a good e-mail from spam. SecuMail^® makes considerable efforts to keep detection as error-free as possible. This has been achieved at a very high level for many years. Learning and evaluating relevant clues in spam emails automatically keeps our filter up to date. From time to time, however, it is not possible to prevent some spam from passing through the filter unfiltered as the tip of the iceberg of a new wave of spam. The SecuMail^®-Team will be happy to help you readjust your filter.

No. The SecuMail^®-Servers save all emails that could not be forwarded to the target server and retry to deliver the email at regular intervals. Such emails would only be deleted from the server after approx. five days. If you expect a longer downtime of your mail server, please contact us to discuss alternative options.

The SecuMail^® Service will create a new password for you. Please send an e-mail with the corresponding request to support@secumail.de.

It is possible to create your own blacklists. You can find instructions on how to do this here.

The fact that your own e-mail address is set as the sender in a spam e-mail to you need not worry you. The sender address can be falsified by spammers without any technical problems. Unfortunately, however, it is not possible to prevent others from misusing your e-mail address as the sender. SecuMail^® often uses such indications of identity theft as an indication of spam or phishing.

Yes, if possible. Carefully selected links in emails are automatically retrieved and checked via HTTP request. If these links automatically load files from the Internet, these files are treated or blocked in the same way as file attachments in the e-mail itself. In SecuMail^®-Web or the corresponding daily summary, the cause of the filtering is displayed as usual, as if the downloaded file had been an attachment. This measure is very helpful for some types of phishing mails with a direct download link.

Indication of side effect that cannot be ruled out: It should be noted that, despite very careful and selective checking and selection of the links, it cannot be 100% ruled out that they are provided by SecuMail^® are checked. This is then equivalent to these links being clicked on without the user really noticing. Under certain circumstances, opt-in/out links or links for password confirmation could also be retrieved in individual cases. For this reason, every customer must decide for themselves whether they prefer the increased security or do not want to make use of this new feature. If you would like to deactivate link verification, please send a short e-mail to support@secumail.de or call the SecuMail^®-Team on 08171-246920.

Send the e-mail attached as an EML file to support@secumail.de.

Important: Please note that we have to obtain some information from the “false negative” spam mail in order to be able to make manual adjustments to the filter. It is best to save the spam mail as EML file (This service is primarily available for spam series or fraud attempts) so that the e-mail reaches us as unchanged as possible. As a rule, it is not sufficient to state the sender and subject or mail ID.

If you frequently come into contact with “false negatives” (e.g. as an administrator), we will be happy to provide you with an Imap box that you can set up in your e-mail program in addition to your own. You can simply drag and drop all “false positive” e-mails into this box. Once the e-mails have entered our system unchanged, they are automatically processed in the learning processes on the servers. Please do not hesitate to contact us! Thank you very much for your help.

If you would like to view the list of email addresses on the general spam whitelist, you will find this in the portal under the menu item “Whitelists”. There you can view and manage whitelists in two variants. Whitelists are available for the Spam category and the Attachments category. In principle, however, it is not necessary to manually maintain blacklists and whitelists on a large scale with SecuMail®, as SecuMail® calculates automatic lists for all users. Note: The general spam whitelist is always valid for all users of a client at the same time.

If you would like to view the list of email addresses on the general spam blacklist, you will find this in the portal under the menu item “Blacklist”. There you can create blacklist entries and delete previously created entries. In principle, however, it is not necessary with SecuMail® to maintain blacklists and whitelists manually on a large scale, as SecuMail® calculates automatic lists for all users. Note: The general spam blacklist is always valid for all users of a client at the same time.

List of permanent SMTP error codes of the SecuMail filter (MXe):

1. “User unknown – denied by SecuMail valid-address-filter”
   Type: 500 (permanent)
   Description:
   The recipient address of the e-mail does not exist and is therefore not accepted.
   Please check the address and correct any typing errors.
   The employee may no longer be with this company.
   SecuMail customers: if the e-mail address is correct, please check whether it has been entered or imported in the valid address filter in the Secumail portal.
2. “Unknown internal address denied – denied by SecuMail valid-address-filter”
   Type: 500 (permanent)
   Description:
   The email was not accepted because the domain of the sender address is a SecuMail-protected target domain of the customer. The address is therefore classified as an internal address and must be approved or registered with SecuMail.
   SecuMail customers: enter the sender address in the valid address filter.
3. “Mail is too large – denied by SecuMail valid-address-filter”
   Type: 500 (permanent)
   Description:
   Mails of extreme size cannot be accepted. The limit usually applies from a low three-digit number of MB total size.
4. “Relaying denied, unknown domain – denied by SecuMail valid address filter”
   Type: 500 (permanent)
   Description:
   The domain of the destination address is unknown or deactivated. Emails to this domain cannot be accepted or forwarded. There may be an error in the MX configuration of the domain.
5. “Unknown internal sender address – denied by SecuMail autovaf via customers MTA”
   Type: 500 (permanent)
   Description:
   see ‘B’
   (via autovaf)
6. “User unknown – denied by SecuMail autovaf via customers MTA”
   Type: 500 (permanent)
   Description:
   see “A“
   (via autovaf)
7. “Destination resource temporarily not available – softdenied by WorNet SecuMail autovaf. Connection Error/Timeout”
   Type: 400 (temporary)
   Description:
   The destination server (customer) is currently unavailable. The mail has been temporarily rejected and your system (qua RFC) is trying to deliver it again.
8. “The recipient enforces secure TLS connections. Please use a more uptodate protocol version – denied by SecuMail ForceTLS”
   Type: 400 (temporary)
   Description:
   The recipient has set minimum standards for TLS encryption, which could not be met. Therefore, the mail could not be accepted. The sender’s mail server should be equipped with the latest security standards so that the mail connection is possible at a secure level. Use current TLS/SSL protocols and secure ciphers.
9. “The recipient domain enforces TLS connections, plaintext is not allowed – denied by SecuMail ForceTLS “
   Type: 400 (temporary)
   Description:
   The recipient has prevented the unencrypted transmission of emails and no TLS connection could be negotiated. The sender’s mail server appears to be outdated and should be equipped with the latest TLS protocols and ciphers.

If you have any questions about our SMTP codes or would like to report a malfunction, please contact support@secumail.de.

In the sense of a modern cloud service, SecuMail^® Filter dynamically calculated according to current usage. SecuMail^® automatically counts the number of e-mail addresses (not users). The invoices are dynamically adjusted to the current usage.

• SecuMail^® Filter:
  SecuMail^® calculates the number of email addresses stored. E-mail addresses that differ only in the domain or by separators such as ‘.’, ‘-‘ or ‘_’ are only counted as one address. Example:
  • John.Doe@firma.de • John-Doe@firma.de  • John_Doe@firma.com  • John.Doe@firma-online.de
  These four addresses would be counted as one additional address.
• SecuMail^® Filter White-Label:
  The white label package is optimized for the simplest and most efficient use by system houses and agencies. Therefore, only email addresses that are considered “used” are charged. Addresses are considered used if at least three unfiltered emails have been sent to them in the last month. As a rule, approx. 25% fewer e-mail addresses are charged than are stored.
  This makes it easy for system houses to flexibly add or remove addresses and domains if they have acquired new customers or need to make other adjustments without having to consult SecuMail about license or cost adjustments^® to make. In general, with SecuMail^® no (over)licensing or reporting of user numbers necessary.

In the sense of a modern cloud service, SecuMail^® calculated dynamically according to current usage. SecuMail^® automatically counts the number of e-mail addresses (not users). The invoices are dynamically adjusted to the current usage.
SecuMail^® White label: The white label package is optimized for the simplest and most efficient use by system houses and agencies. Therefore, only email addresses that are considered “used” are charged. Addresses are considered used if at least three unfiltered emails have been sent to them in the last month. As a rule, approx. 25% fewer e-mail addresses are charged than are stored.
This makes it easy for system houses to flexibly add or remove addresses and domains if they have acquired new customers or need to make other adjustments without having to consult SecuMail about license or cost adjustments^® to make. In general, with SecuMail^® no (over)licensing or regular reporting of user payments necessary.

The SMIME gateway is also calculated dynamically according to current usage. SecuMail^® counts the number of e-mail addresses (not users) participating in the encryption. All other addresses are forwarded without encryption/signing and are not charged. At least 7 addresses must participate in SMIME encryption. The invoices are dynamically adjusted to the current usage.

For the SecuMail^®-E-mail filter service (spam and malware filter) the setup is completely free of charge.

For SecuMail^® Encryption (SMIME gateway), we charge a one-off set-up fee of €250, as this creates an interface to the certification authority.

No.

Yes, the number of e-mail addresses is billed. The number of e-mail domains does not matter.

The most important advantages of SecuMail^® compared to the MS 365 filters:

1. Data protection / GDPR:
   1. In contrast to MS 365, SecuMail^® full GDPR-compliant.
   2. SecuMail^® is operated exclusively in Germany and exclusively by ourselves. This not only pleases the data protection officer.
2. Costs:
   1. Useful filter packages that have a similar filter scope to SecuMail^®are with MS 365 more expensive.
   2. They are twice as expensive because an admin or service provider also has to permanently adjust the security settings as a security expert. With SecuMail^® this service is included as an integral part of all packages. SecuMail^® is a Full service.
3. Flexibility
   1. They are based on what the MS developers/vendors have come up with. SecuMail^® even adapts to your requirements.
   2. SecuMail^® offers cooperation at eye level to.
4. Vendor Lockin
   1. In general, it is not advisable to place the issue of security in the hands of MS. When it comes to e-mail and IT security, of all things, this competitor does not exactly have a positive reputation, especially as MS Office documents are one of the biggest risk factors for which it is responsible.
   2. With SecuMail, you have the support of a local company that treats you as an equal.

… to name the most important advantages.

If you have any questions about SecuMail^® and MS 365, our support team will be happy to help you.

SecuMail^® everyone can afford! Request a quote right now: angebot@secumail.de / 08171-246920

SecuMail^® is available in two versions:

• Filter
• Whitelabel filter for system houses and agencies

The Filter option is available for both variants PLUS available.

We would be happy to create your individual SecuMail^®-Offer. Please contact us at 08171-246920 or support@secumail.de.

Of course you can use the SecuMail^®-Test the e-mail filter service free of charge.

As an interested party, you have the option of SecuMail^® unrestricted and with full functionality to test for one month. The test is free of charge and completely non-binding.

We will be happy to set up your test account for you. You activate the SecuMail test by changing the MX records. You can effectively cancel the test at any time by removing the MX records from SecuMail^® deduct.

Get the SecuMail^®-Set up test position: 08171-246920 / support@secumail.de

When setting up SecuMail^® Encryption, the fee-based interface to the certification authority must be set up from the start, which is why we can offer SecuMail^® Encryption free of charge for testing.

• The excellent filter rate.
• The experts in support.
• The quarantine and preview function in SecuMail^®-Web.
• The simple option for users to forward emails to each other.
• more than 20 years of experience in the field of e-mail security.
• Various techniques, such as DMARC, own DNSBLs, link tracking, domain tracking, attack vector filtering etc ..
• The email firewall that filters malware and spam before it reaches your infrastructure.

SecuMail^® Filter Plus is an upgrade package of the standard SecuMail^®-Filter package. In addition to new enterprise features, enhanced security functions and increased support, it also offers individual customizability.

You can find an overview of the features included on our “Feature matrix”. There you can see a direct comparison of the two packages SecuMail^® Filters and SecuMail^® Filter Plus. You are also welcome to read our blog article “The upgrade package – SecuMail® Filter Plus“.

SecuMail^® is GDPR-compliant. Our cloud service aboutcomplies with the applicable transparency regulations. Please contact us if you have any questions about data protection, TOM or commissioned data processing or would like to know how your data protection requirements can be met with SecuMail^® harmonize. We will be happy to provide you with the appropriate documents.