Encryption features
SurgeMail includes three key features of encryption that you can make use of.
- SurgeVault end to end encryption when sending to non secure systems. (this is a paid add on, not part of the base product)
- AtRest encryption to protect messages stored on the server.
- SSL/TLS to encrypt data in transit between the mail server, your email client, and between servers.
In general, we recommend just the final option SSL/TLS is sufficient, and with the recommended settings data will be encrypted during transit. This feature is completely transparent to the user (easy to use) but keeps their data /msgs and password safe.
SurgeVault and AtRest encryption are both valid in extreme situations (for example a doctor emailing a patient). Basically where there is a legal requirement for a very high level of security then these are worth considering but come with 'inconvenience' proportional to the security. The inconvience is un avoidable as it's a direct result of the security choices.
SurgeVault requires the user reading the message to read via the web interface as the destination users email system is not 'trusted'. Likewise atrest encryption has two modes, in one mode a lost password can be reset, in the other mode, if the user looses their password then even the administrator cannot retrieve it as that would allow them to see the users data.