How SecureLine Works

VIDEO

Check out our SecureLine Escrow Overview and End-User Perspective videos

SecureLine integrates Public Key Encryption, for recipients who are email security savvy with SecureLine Escrow and SecureSend for recipients who are not.

SecureLine Escrow and SecureSend work by creating a secure, simple environment, and bringing the recipients of your messages to the environment instead of forcing them to create their own.

Step 1

The SecureLine user or an administrator uploads contacts, for insecure recipients including a confidential authorization question and answer known only to the recipient, the sender, and other authorized individuals. New secure contacts can also be added while composing messages in LuxSci's secure WebMail client.

Step 2

The user sends a message, either from a desktop client like Outlook, or through LuxSci's modern WebMail client. The transparent encryption gateway will automatically encrypt the message and decide upon the best way to send the message, whether by TLS, Public Key Encryption (2a), or the Escrow Portal (2b).

Step 2a

If a public key is available, SecureLine will transparently encrypt the message and send it to the recipient.

Additionally, if anyone sends the SecureLine user an encrypted message, SecureLine can transparently decrypt the message before delivering it to the user's inbox.

Step 2b

If the recipient doesn't have a public key, then SecureLine will use the Escrow Portal. This works by 1 sending an unencrypted email to the recipient with a link to the escrow portal which includes an embedded code to unlock the message. The user will follow the link 2 to the Escrow Portal which will prompt them for the answer to their Security Question. This will allow them to view the message and reply freely to the user. The end user will 3 receive all messages as normal emails and can respond to them as simple replies- SecureLine will transparently take care of the rest.

Step 3

Any person with a non-secure email address can go to LuxSci's SecureSend portal and initiate a secure conversation with a SecureLine user. This final service closes the loop and allows free flow of secure information to and from your clients, friends and contacts without any special security software or knowledge.

SecureLine Email Security

At LuxSci, we pride ourselves on providing you with the most comprehensive email security available. Combined with the use of LuxSci's TLS- and SSL-based secure information transmission services for WebMail, POP, IMAP, and SMTP, use of SecureLine ensures that your email is as safe as it can possibly be. We achieve this through:

• End-to-end email content encryption: Your message content can be encrypted from the time it is sent, to the time it is viewed by the recipient. This includes:
  • Secure transport - no one can eavesdrop on the message content during any stage of transport or delivery.
  • Secure storage - messages are stored while encrypted on disk so that they are secure in backups and protected against administrative disk access.
  • Access by any recipient with a valid email address - no matter what email service provider they have or email software they use. Only the intended recipients of your messages are given access.
  • Guaranteed integrity of message content.
• PGP and S/MIME: SecureLine uses PGP and S/MIME for encryption. Data stored in SecureLine Escrow is PGP-encrypted. With SecureLine PKI, you can bring your own PGP and S/MIME certificates, have us generate them for you, and interoperate with any other system that supports PGP or S/MIME.
• SMTP TLS: Messages sent to recipients whose servers support SMTP TLS will always be encrypted using TLS during transport to their servers.
  • Opportunistic TLS: TLS will always be used for delivery to recipient's servers that support TLS.
  • Forced TLS: For customers with "TLS Only" SecureLine delivery enabled, TLS usage with recipients whose servers appear to support it is enfored, so that affected messages will never be delivered insecurely.
• Digital signatures: Verify that messages were actually sent by the claimed sender and that messages have not been tampered with or altered in any way.
• Secure TLS-Only Forwarding: Optionally restrict all server-side email forwarding rules from your account to external addresses to be only to recipients whose email servers support SMTP TLS for email delivery.
• Protected login: Your username and password remain secure when logging into our services.
• Tracking and Auditing: SecureLine Escrow allows you to track the receipt and viewing of messages by your recipients.
• Retraction: With SecureLine Escrow, you are able to retract a message (expire a message), effectively stopping a recipient from gaining any further access to the message content.
• Content-Driven Automatic Encryption: SecureLine allows you to set up rules to automatically encrypt only certain messages based on keywords, phrases, and regular expressions that appear within the content.

SecureLine Ease of Use

SecureLine is designed to make it easy to send and receive secure messages. Complexity, usability, and software compatibility are no longer obstacles to effectively securing your communications.

TLS-Only Delivery for Seamless Security

If email transmission encryption is sufficient for your account (i.e. you do not need the further end-to-end encryption capabilities provided by PGP and S/MIME), then the "TLS-Only" delivery option is can make life very easy. When this is enabled:

• All email to any recipient whose servers support SMTP TLS for delivery will be delivered over a Forced TLS encrypted channel, but otherwise unencrypted.
• All email delivered to any user hosted by LuxSci will be delivered over a secure channel, but otherwise unencrypted.
• SecureLine will determine dynamicall, "on the fly", what recipients support TLS or not and use TLS whenever possible.
• SecureLine will fall back to PGP, S/MIME, and Escrow only for messages where TLS is not an option.

With TLS-Only, all internal and a lot of external email communication can be secure without the overhead of more complicated encryption methods. SecureLine automatically takes care of figuring our what encryption method to use for you -- no configuration necessary.

Of course, you can always exempt specific recipients or domains from TLS-Only, if email to them needs to be "more secure".

TLS-Only is optional; however, it does make things much simpler in situations where you TLS transport encryption is sufficient for your account's security needs.

Keep Everyone on the Same Page

Whether you have a large or small domain, it is often more convenient if you have one place for the questions and answers you use on outgoing secure mail.

• Using shared address books makes it easier to have a central location of recipient information (PGP or S/MIME keys, or Escrow questions and answers) accessible to all users.
• Personal, domain-wide, and account-wide global default Escrow questions and answers makes it a snap to send secure email messages to anyone you like using a pre-defined question. This minimizes the setup needed to send secure messages.
• The SecureLine Escrow authorization question and answers can be stored in users' personal or shared address books to make it easy to send Escrow messages to the same recipients using the same question and answers every time.
• Users can manage PGP and S/MIME keys - both personal and external. LuxSci supports simple key generation, as well as import and sharing of external users' keys through shared address books.

Make Your Life Easier with Automatic Encryption

With SecureLine, you don't have to worry about encrypting the same sorts of messages over and over. Simply set up automatic encryption and you're all set!

• SecureLine can auto-encrypt messages to TLS-Only recipients, and recipients with PGP, S/MIME, or Escrow security information pre-configured.
• If automatic outbound encryption is enabled, users can determine what happens to messages that cannot be encrypted; these messages can be sent normally, or refused with notifications going back to the sender.
• Users can choose to have SecureLine auto-decrypt PGP and S/MIME messages as they arrive so that messages can be filtered and stored in an unencrypted format in their email folders. Using secure POP or IMAP, the recipient can then access the message safely in any email client.
• Administrators can all have their users' PGP or S/MIME keys created automatically. They can enforce the automatic use of encrypted outbound email for all users, standardizing the use of secure email painlessly and automatically.

Familiar Tools, Secure Access, Easy Sending

With SecureLine you don't have to learn a whole new set of tools or way to access your email. It's all there, wherever you are.

• All SecureLine features are integrated with LuxSci WebMail, so users can send and view secure messages from anywhere they have access to the Internet, using the same familiar tools for composing and viewing email messages.
• Users can send encrypted messages from any email client connected to LuxSci via our secure SMTP services.
• Users can easily send a single message securely to multiple recipients who require different modes of email security - i.e. TLS-Only, Escrow, PGP, and/or S/MIME. SecureLine automatically picks the best secure communications mode for each recipient, based on the information on file, and manages all of the transmission details for you.
• Our SecureSend portal enables non-users to send secure email messages to SecureLine users.
• SecureLine provides an optional password Escrow service whereby users can have the password to their PGP and/or S/MIME security certificates securely saved in case they are lost. In such a case, LuxSci has a procedure in place to authenticate the user so the password can be retrieved.
• Account administrators can enforce a requirement that their users connect to LuxSci POP, IMAP, SMTP, and WebMail services only over secure connections. This can be configured on a per-user, per-domain, or account-wide basis.
• Users can import and export SecureLine Escrow information and public PGP or S/MIME keys in the address books to and from CSV files. This makes it easy to edit user security data offline and then import it into LuxSci for general use.

SecureLine Features

SecureLine is a feature-rich email encryption system. A detailed list of most of the features is provided below. Please contact us if you have any technical questions.

Sending Secure Email Messages

• Send secure messages using LuxSci WebMail and LuxSci SMTP.
• Attach encrypted content using S/MIME, PGP/MIME, and PGP/Inline.
• Send complex messages with attachments securely.
• Add digital signatures to messages if the sender and recipient have compatible certificates.
• Send one message to multiple recipients who require any combination of encryption mechanisms.
• Continue using LuxSci's email archival/capturing services, outbound email content monitoring services, and global message tagline service.
• Forward and reply-to secure messages.
• Save the disk space of the recipient of SecureLine Escrow messages - these messages only count toward the disk usage of the message sender.
• Determine when your sent Escrow messages expire. At that time the disk space is released and the recipients can no longer access them. This can be specified on a per-recipient basis.
• Define recipient domains that will be exempt from encryption.
• Opportunistic use of TLS for delivery of all messages to all recipients.
• Optional enforced SMTP TLS-Only delivery of messages to recipients that support TLS.

Viewing Secure Email Messages in WebMail

• Supports viewing of messages that are encoded using S/MIME, PGP/MIME, and PGP/Inline.
• Supports Signed-only messages, Encrypted-only messages, and Signed and Encrypted Messages.
• Supports PGP/Inline encrypted file attachments.
• Does not support nested encryption (encrypted messages that are encrypted again).

Viewing SecureLine Escrowed Messages

• Replies to the sender will use the best available or preferred encryption mechanism: TLS-Only, S/MIME, PGP, or Escrow -- based on the original sender's settings.
• Times and dates are shown in time zone of the sender.
• Escrow portal, where you pick up escrowed messages, is secured via SSL.
• Requested read receipts are always sent back to the sender. I.e. read receipts are reliable.

Recipients can:

• View messages and download attachments.
• Check the message access history.
• Reply securely back to the message sender. This message can include attachments and can be composed using a rich text editor.
• Securely download the message to his/her computer in a [.eml] file format that is easily readable in programs like Microsoft Outlook Express, Microsoft Outlook, and Mozilla Thunderbird.

Automated Outbound Encryption

• Auto-encrypts messages sent via secure SMTP.
• Works with any email client with no additional software needed.
• Supports sending to multiple recipients in one message.
• Is configurable on a per-user, per-domain, or per-account basis.
• Forces users to send only via secure SMTP.
• Auto-encrypts to TLS-supporting recipients, other SecureLine users, and recipients in the sender's subscribed address book(s) that have security information defined.
• Has customizable options for recipients to whom messages cannot be encrypted due to a lack of security information on file. It can send normally, with or without notifying the sender, or not send and notify the sender.
• Automatically encrypts based on the matching of keywords, phrases, or regular expressions with your message content.

Automated Inbound Decryption

• Auto-decrypts messages encrypted using PGP or S/MIME.
• Requires that the private key needed for decryption be in the recipient's account and that the password to that private key be stored in the "password escrow" mechanism.
• Passes along messages that cannot be decrypted without changing them.
• Gives the choice of when messages are decrypted. Custom filters can be applied before the message is decrypted (i.e. to save a copy to a separate folder) and more can be applied afterwards.

User Security Certificate Management

• Import and export PGP and S/MIME full public/private key pairs.
• Export PGP and S/MIME public keys.
• Create new PGP public/private key pairs.
• Create new S/MIME public/private key pairs using LuxSci as an S/MIME certificate authority.
• Change passwords on private keys.
• Optionally escrow passwords on private keys. These are encrypted and stored so only authorized LuxSci staff can access them. This provides optional protection against lost passwords to private keys.
• Specify your default or preferred keys for each type if you have multiple PGP or S/MIME keys.
• Rest assured with LuxSci and Thawte, both trusted S/MIME Certificate Authorities. Other popular Certificate Authorities may also be trusted.

Public Key Management

• All users automatically have access to the public S/MIME and PGP keys for all other SecureLine users across LuxSci -- no special configuration or sharing is needed.
• Public PGP and S/MIME keys, as well as Escrow questions and answers can be imported into Address Books.
• Information stored in address books can be used when composing or viewing email for encrypting messages for these addresses or validating digital signatures from users with these addresses.
• If you have Premium WebAide licenses, you can share address books with public key and escrow information with your users so that they can all take advantage of the same information.
• For recipients in your address book, you can configure their preferences of PGP vs. S/MIME vs. Escrow, and PGP/MIME vs. PGP/Inline.

SecureLine Escrow Reporting

Senders can:

• Track messages sent via SecureLine Escrow.
• View details on all messages: the time sent or viewed by the recipient, from what IP address, etc.
• Retract (expire) messages so that recipients can no longer access their content.
• Extend the expiration dates on messages so that recipients have more time to view them.
• Sort and search messages.
• Get read receipts of messages sent via SecureLine Escrow.

Note: this information is available only to the users and not to administrators or support staff.

Administrative Settings

Administrators can:

• Force all messages sent from WebMail by your SecureLine-enabled users to be always encrypted.
• Auto-generate PGP or S/MIME key pairs for all of your SecureLine-enabled users who do not have keys yet. This uses their current WebMail password as the private key password and enables password escrow to allow for lost password retrieval and automatic decryption processes.
• Optionally allow "TLS-Only" to be a valid method of sending outbound secure email:
  • Use "Dynamic" settings where recipient TLS support is determine "on the fly"
  • Use "Static" settings where you specify a list of TLS-Only domains, and only those will be used with TLS-Only
  • Use an "Exempt" list of addresses and domains for recipients whose email should never be sent TLS-Only.
• Optionally force all email forwarding rules to only permit forwarding to recipients whose email supports TLS.
• Force all connections by their users to POP, IMAP, SMTP, and WebMail to be made only securely over SSL/TLS.
• Configure automatic encryption and/or decryption of email for all SecureLine-enabled users.
• Configure a global or domain-wide default Escrow question and answer.
• Configure allow and deny lists to define who can send your users messages via the SecureSend portal.
• Configure automatic encryption and/or decryption of email for all SecureLine-enabled users in the domain.

Pricing

SecureLine Pricing

SecureLine is available as an upgrade to any LuxSci account that includes email or web hosting services. It is priced "per-licensed user" and is tiered based on the number of licenses purchased.

Number of Licenses	SecureLine Price
1-99	$1.75 /license/month
100+	$1.25 /license/month

For customers with dedicated servers that include Private Labeled WebMail, SecureLine for all users is also included in the price of the dedicated server itself.

Choose a package or build your own

• View Packages

 Dedicated server options

• Dedicated Server Options

 Pricing information and questions

• Free Price Quote

 Try before you buy

• Free Trial Account

 Get personalized help

Need help placing an order? Prefer speaking with a member of our sales staff? Request a Sales Callback or Contact Us.