Email Security and Compliance for Remote Work

Pin Live updates

COVID-19 Cybercrime Digest

March 19, 2020  |  Updated: May 28, 2020

StealthMail aggregates the latest news covering the pandemic- related cyber attacks and occurrences and offers your attention a continuously updating digest.

COVID-19 Cybercrime Digest

Subscribe to blog


Email Security

StealthMail makes your emails secure and invisible to email relays, hackers, or Public Internet threats - making email relationship with clients a trusted one via StealthMail’s best-in-class Secure Email Channel.

Moreover, StealthMail gives you full and exclusive control over your encryption keys, data, and access rights - so that your email communication is fully protected.

To start using StealthMail no integration is needed. There are no risks for existing IT infrastructure. The whole deployment takes less than 4 hours. Users get Outlook Add-ins and the server is deployed to Company’s Azure Cloud.



Mail servers are only used to send Stealth-Links. Email content and files are not exposed to Public Internet.



Email is only used to transfer a Stealth-Link. The actual content is sent via secure channels in an encrypted state.



Protect yourself and clients from phishing (whaling, spear, clone, etc. ) and Business Email Compromise Attacks.



Avoid severe penalties, protect your reputation, save time, money and effort.


Email is as secure as a Postcard

Would you send sensitive and confidential information on a Postcard? Would that be secure and compliant, or high risk and a gross negligence? People do this daily using Emails, which don’t even have envelopes like standard mail. i.e. Emails are transferred in Plain unencrypted text via untrusted 3rd party servers (Public Internet).

Sent as Plain unencrypted text - there is no “read authorization” required on email relays.

Sent via untrusted 3rd parties - copies can be made.

Regular Email is impossible to return, and you are exposed to backups on recipients’ computers.

Regular Emails are also exposed to data mining in Web-Browsers, Extensions, and Outlook Add-ins.



Major Email Threats

Email protocol weaknesses

Email protocol (SMTP) sends emails in Plain unencrypted text (RFC 3207) which makes it easy for criminals to read, collect, and alter them.

No real encryption

Most email security solutions offer basic HTTPS, SSL/TLS channel security to an email server, the rest of the route is completed via untrusted 3rd party mail relays and is not protected.

Public Internet

Emails are sent via 3rd party mail relays (over the Public Internet), which are often untrusted and unsecure.

Human error

Employee and management errors, whether malicious or not, create nearly unlimited risks for data breaches.

Legal compliance

GDPR, HIPAA, GLBA, SOX and other regulations require protection of personal information and impose significant penalties both for companies and executive officers who fail to comply.

No Key Ownership

Certain solutions own encryption keys of their clients, which means they can access a client's encrypted information or could accidentally give away access to malicious third-parties.







91 %

of all worldwide cyberattacks start with a phishing email.

57 %

of workers admit to having accidentally sent sensitive information to the wrong person.


Gross, Art. “A Look at the Cost of Healthcare Data Breaches.” HIPAA Secure Now


Gross, Art. “A Look at the Cost of Healthcare Data Breaches.” HIPAA Secure Now

70 %

of cyberattacks use a combination of phishing and hacking.

51 %

of all employees believe safeguarding corporate information is not their responsibility.


Symantec: The Silver Lining – Protecting Corporate Information in the Cloud


Symantec: The Silver Lining – Protecting Corporate Information in the Cloud


Public Internet

All confidential Email and their attachments are transferred as Plain unencrypted text over the Public Internet. Even if a connection was protected by HTTPS using SSL/TLS, all transferred data could be collected, decrypted, and changed at the ISP (Internet Service Provider), mobile network operators or public wi-fi.
Read more in RFC 3207



Email Myths

VPN guarantees security of Email communication in 100% of scenarios.


Email correspondence implies communication with all external users that use different email services. Connecting all possible users in one’s network via VPN is not possible.

VPNs can protect Email traffic in a very limited number of cases. In many other scenarios Emails are exposed via untrusted 3rd party Email relays and the Public Internet.

S/MIME & PGP-based encryption guarantee security.


Single key PGP-based solutions might be vulnerable when the key is compromised. In such cases all historical information, if collected, could be decrypted. It is not possible to re-encrypt historical Emails.

PGP-like solutions send encrypted content over Public Internet. Which makes it available for collection and cryptanalysis attacks.

HTTPS, SSL/TLS fully protect Email communication.


HTTPS is not an end-to-end security solution. It doesn’t not encrypt Emails or attached content and it will not protect your Emails during the entire trip. It only secures the connection channel to your Email server, the rest of the trip via a 3rd party mail relay is not protected by HTTPS, SSL/TLS.

SSL/TLS won’t protect you once credentials are lost via phishing or social engineering attacks - which are the most common.

Secure Email Gateway (SEG) guarantees email security.


SEG don’t protect from Public Internet exposure where data can be collected and may be susceptible to cryptanalysis and other attacks.

SEG won’t protect you from someone cloning your Email account and other attacks once credentials are lost via phishing and social engineering attacks.


Email Shredder

Erase any historical Emails for all recipients on all devices without possibility of recovery



StealthMail provides true end-to-end encryption, where security keys are generated and stored on the user's side. Moreover, only the user owns the keys and decides where to store his email content (on company's local servers, in the cloud, or in StealthMail storage).

StealthMail is a category leading stealth data technology solution based on Secure Dynamic Network Protocol (SDNP).

Microsoft AzureOutlook

Encryption keys

ECC 512+

bit elliptic curve

Data transfer





bit HMAC key

Signature and Auth

RSA 8192


Data storage

AES 256


Passwords hash

SHA-3 512



How it Works

StealthMail uses Email only to send Stealth-Links that do not contain any user information whatsoever.

Only through the Stealth-Links can an authorized user access encrypted Email content and attachments.

This approach to protecting emails makes the gaping vulnerabilities of SMTP, SSL/TLS a complete non-issue.


Microsoft One
Commercial Partner

StealthMail earned Co-Sell Ready Status through the Microsoft One Commercial Partner (OCP) Program. The Co-Sell Program aligns Microsoft’s large, global salesforce behind partners like StealthMail to drive top-notch solutions for customers.

To be eligible, businesses must submit customer references that demonstrate successful projects, meet a performance commitment, and pass technology and sales assessments, all of which StealthMail was able to demonstrate.

Email transfer simulation. Actual content cannot be tracked.

Contact us


We use cookies to improve your experience