Home>FAQ>Email Encryption and Signature Services FAQs

Email Encryption and Signature Services FAQs

  • 1. My company has deployed email security gateway, but it doesn’t support decrypting encrypted email. Do we need to purchase MeSign Mail Gateway to replace the gateway that we use currently?


    As far as we know, almost all email security gateways currently do not support processing the encrypted emails. Encrypted emails can only be released or intercepted, because the keys are usually stored on the user's computer in the traditional email encryption method, so that email gateway can do nothing to help. Some gateways support users to upload email encrypting certificates, but it is unrealistic to require employees to export encrypting certificates and then upload them to the email gateway by themselves, because these two processes are too complicated and error prone.

    As the HTTP cleartext transmission is going to be replaced by the ciphertext transmission HTTPS, the cleartext MIME email will also be replaced by S/MIME email soon, so that the widely used email security gateways should support S/MIME encrypted email decryption as well. If the email gateway deployed by the user does not support decrypting encrypted emails, user can purchase MeSign Email Cryptographic Gateway (MECG) to dock to the existing email security gateway and is responsible for decrypting the encrypted email, the existing email gateway manufacturer needs to support docking the email decryption function. For more information, please visit "Deploy MeSign Mail Gateway on premise for email encryption and decryption".

    If the user’s email security gateway does not support docking with MECG, the user needs to purchase MeSign Email Gateway to replace the existing email gateway product. We’d love to provide discounts if you are interested in replacing your email gateway, please feel free to Contact Us.

  • 2. Our company only need employees to be able to send encrypted emails, do we need to purchase MeSign Mail Gateway?


    If you only need employees to be able to send encrypted emails, you only need to require all employees to use MeSign APP as email client for email communications, and you don’t need to purchase MeSign Email Gateway.

    MeSign APP enable users to encrypt every email automatically, and it is completely free. It automatically configures one encrypting certificate and one signing certificate for free. If you purchase the Business Pro Edition, all employees will automatically have the Employee Email Certificates for free, so that every employee can send signed emails showing the name of your organization, enhance email trust and facilitate more online business.

  • 3. Our company have been using Outlook, so it is unlikely to require all employees to change to MeSign APP. However, we want all employees’ emails can be encrypted, how to do?


    Although we hope that all employees can use MeSign APP to fully automate the email encryption, but indeed, as you said, employees may be not willing to change their familiar email client to use a new one, but your company also hopes to automatically encrypt all emails to protect your business confidential emails. We have been well aware of this increasing demand from users and we have successfully developed a MeSign Mail Gateway, which can enable employees to automatically encrypt every outgoing email and automatically decrypt every received encrypted email without changing the email client software.

    Therefore, your company needs to purchase the MeSign Mail Gateway and MeSign Key Management Service or MeSign Key Management System, so that no matter which email client software employees are using, the gateway can ensure that the email is encrypted throughout the entire process. For details, please refer to "Deploy MeSign Mail Gateway on premise for email encryption and decryption automation".

  • 4. Does MeSign Email Gateway also detect malware email attachments like other email gateways?


    Yes, MeSign Email Gateway integrates the cloud virus scanning service provided by 360 Security Brain used for detecting the URLs and attachments in the emails. Using 360 cloud scanning service can protect the confidential information in the email attachments, because we only need to submit the HASH of the email attachments to the cloud to detect the malicious attachments or malicious URLs. 360 Security Brain has one of the biggest malicious file database in the world, so this service can effectively detect the malicious attachments quickly. Using cloud virus scanning model is much quicker and more accurately than on-premise virus killing engine and virus database, because the on-premise virus database cannot achieve real-time update and cannot contain too much virus data in the database.

  • 5. Does MeSign Email Gateway support Data Leak Prevention like other email gateways?


    Yes. After receiving the user sent email, the MeSign Email Gateway will decrypt the email first if it is an encrypted email, and will detect whether the content of the email contains the information that is not allowed to be sent out according to the rules of anti-leak keywords set by the administrator. If the email has been detected contains anti-leak information, then the email will be forwarded to the organization internal auditor according to the rules set by the administrator or directly intercepted and returned to sender. If the auditor released it, the email will be encrypted and be sent.

  • 6. Does MeSign Email Gateway support smart SPAM interception?


    Yes. The MeSign Email Gateway (MEG) integrates smart anti-SAPM system, support emails in English, Chinese and other languages. This is an intelligent learning system, so the longer it is used, the stronger and the more abilities for intercepting the spams will be had. It upgrades the spam database constantly by adding the spams list reported by MeSign APP users, so it can effectively detect the spams. MEG supports the administrator to set up the allow list and blocklist, as long as the sender from the allow list, the emails will not be intercepted and it will be passed directly; if it is from blocklist, then block all.

  • 7. Why do I need to purchase the MeSign Key Management Service or MeSign Enterprise Key Management System when deploying the MeSign Mail Gateway?


    Having the encryption keys is the prerequisite for decrypting the encrypted email by MeSign Mail Gateway. Therefore, you must first assign an encryption key to each employee firstly. This key can be purchased from MeSign Key Management Service for the public provided by the MeSign Key Management Service, or you can purchase MeSign Enterprise Key Management System deployed it on your premise for distributing encryption keys to employees. The first option has lower cost than the second option. The first option is a pay-as-you-go service and you can pay it on an as-needed basis without investing on hardware systems and software systems. The second option not only requires for purchasing the hardware and software systems, but also requires the related infrastructures and management regulations to support the operations of the systems. In addition, it requires high investment and it has long construction period, but it can meet the demand of users who want to control the encryption keys independently on their premises.

  • 8. If the email gateway deployed by our company already supports S/MIME email encryption and decryption, is it only necessary to deploy the MeSign Enterprise Key Management System?


    According to what we already known, currently only a few mail gateway products support S/MIME email encryption and decryption, and they require users to upload email certificate (.PFX) files to their system. Each employee is required to apply for an email certificate from a CA, and then export the certificate file and upload it to the email gateway. This is practically impossible for an organization with hundreds or thousands of employees.

    Therefore, we recommend users to purchase MeSign Enterprise Key Management System or MeSign Key Management Service. In addition, the mail gateways are required to be able to dock to the key management system, so that the employees’ encryption keys and public keys can be retrieved from the key management system automatically. This is the best way to enable zero-touch and automated email encryption and decryption for employees.