Secure Mail sending with Comcrypto MXG

Send your email with sensitive data fully compliant with data privacy laws using Comcrypto MXG which ensures that the receiver will get the mail with maximum protection.

defendeer

defendeer

Send emails with sensitive content protected with Comcrypto MXG. The Comcrypto solution enables data protection-compliant e-mail transmission without demanding major changes to user behavior. This ensures that the data protection and privacy requirements can be met when sending emails in day-to-day business.

Send sensitive Emails like digitally registered letters

Guarantee the protection of sensitive data during transmission through the email channel and thus also meet the legal requirements when sending highly sensitive personal data in emails. Let’s ensure that your email with sensitive data will be sent with highest integrity such as registered letters that let you know if the mail content has been received untouched and the receipt has been confirmed.

Defendeer

Can I send highly sensitive data via email?

Generally speaking yes as the email-channel established itself as the main instrument for exchanging information in daily life in the last years. This led to the fact that legislation has been more strict and regulated the handling of highly sensitive data such as personal information, health data, financial data, and much more.

One of the core requirements by many data privacy acts around the globe is that highly sensitive data sent by email must be transmitted with highest protection measures. The data protection requirements are fulfilled by encrypting either the email itself or ensuring the secure transmission of the email (transport encryption). Adhering to data protection enables parties to communicate by email in a legally compliant manner.

Defendeer

Why should we also be interested in the e-mail channel?

Today most users are familiar with the encryption of data traffic when using an Internet browser while using online services such as eBanking, shopping, and much more. With the technologies used today for data transport encryption, browsers check the security level of the connection before the actual data is exchanged and warn the user immediately in the event of any irregularities.

Although the same type of encryption is used between e-mail systems as is used between the browser and web server, the e-mail systems currently do not perform any security checks among each other and thus cannot warn the user of corresponding problems.

This means when sending emails with sensitive content, the sender cannot check whether the recipient has received the data without being read (or changed) by third parties.

Defendeer

Send essential emails protected with comcryptoMXG solution

Our solution comcryptoMXG email gateway enables the transmission of data protection compliant emails without any major changes of the user behavior. This guarantees that the required protection needs can be met in a day-to-day business sending sensitive data through an email channel.

ComcryptoMXG can be installed and managed either onsite at the customer’s data center or as a cloud-based service.

Defendeer

How does it work?

When sending e-mails with sensitive content, the question is what possible risks exist during the transport of the mail from the sender to the receiver. For this purpose, possible scenarios are considered, especially when sending legally protected highly sensitive personal data:

Normal risk: Requires transport encryption

Examples: invoices, registrations of all kinds such as orders, etc.

High risk: Requires qualified transport encryption

Examples: doctor's appointment, doctor's certificates, wage statements, bank payments, public administration, etc.

Confidential: Requires end-2-end encryption

Examples: medical history, reports, bank statements, tax documents, legal documents, demographic details, etc.

Qualified Transport Encryption

Qualified transport encryption for the e-mail transmission of high-risk personal data, which includes the following additional functions:

  • Secure DNS lookup to rule out fake IP addresses
  • Certificate check of the recipient system to rule out “man-in-the-middle” attacks
  • Use of cryptographic methods including "Perfect Forward Secrecy"

Password encryption for e-mail communication for confidential content or which are subject to confidentiality (e.g. doctors) or as an option, if the transport encryption cannot be guaranteed.

Defendeer

Qualified transport encryption (QTLs) as the new standard

ComcryptoMXG uses the new standard of qualified transport encryption for the first time comprehensive for secure e-mail sending. Your e-mails are only transmitted after the fully automatic verification of the recipient server via secure TLS encryption.

You can recognize the secure and qualified transport encryption by the (green) lock symbol in the browser. Attackers on network traffic, so-called man-in-the-middle, are effectively repelled. Comcrypto MXG uses qualified transport encryption (QTLs) for sending e-mails and makes this recognizable for the email recipient with the lock symbol.

Defendeer

What exactly does QTLs mean and how does QTLs work?

The qualified transport encryption QTLs performs three very decisive verification steps to guarantee the security of the e-mail transmission.

  • Secure DNS lookup: The IP address of a recipient system must be retrieved in a forgery-proof manner.
  • TLS certificate check of the server: The certificate must be valid and issued by a recognized institution.
  • Secure encryption: Only the algorithms, ciphers and key lengths permitted by the BSI are used for encrypted transmission. The encryption cannot be cracked in a finite time.
Comparison of qualified transport encryption with normal transport encryption

The qualified transport encryption transmits an e-mail securely and 100% in compliance with data protection regulations.

The previous, normal transport encryption does not meet these criteria and is therefore not secure! You should not use this option for sending highly sensitive data in the future.

Why do we need ComcryptoMXG? Our email server is already using transport encryption

In fact, many email servers already encrypt with TLS. However, this is only normal transport encryption. The verification of the recipient server does not take place. This makes it easy for “man-in-the-middle” attackers to act as the recipient server and receive all data. The mail is encrypted, but not secure.

Functions of comcryptoMXG

The architecture of comcryptoMXG is designed in such a way that the current and future legal, regulatory and company-internal requirements can be configured and combined with the necessary cryptographic procedures.

Password encryption can also be used automatically if the security of the transport channel is insufficient.

In addition, comcryptoMXG includes existing cryptographic products such as S / MIME, PGP, PDF / ZIP encryption, FTAPI, cryptshare, Sophos SPX, Azure Information Protection and SEPPmail in the data protection-compliant e-mail transmission (management function).

Alternatively, you can of course also use comcryptoMXG as a cloud service, for example as an e-mail gateway for Exchange Online / Microsoft 365 or you can use comcryptoMXG as an external relay in self-hosted e-mail systems.

Comcrypto MXG recognizes the security features and deficits of the recipient systems and takes the necessary measures according to the risk classification to establish the necessary level of data protection.

Monitoring takes place in the management console and can be exported as a regular report, e.g. for internal or external audits.

Industry specific solutions

We offer bespoke secure email gateway services to industries such as health care, financial services, law & legal services and many more. They all have one thing in common: they send sensitive data in emails daily. To be compliant with the data privacy laws they have to guarantee that the mails have been sent encrypted and received integer.


Available Secure Mail-Services:

FINANCE

Financial service providers who sends financial data to their customers

HEALTH

Dentists, Doctors, Therapists, Psychologists, Hospitals etc. who sends health data among each other’s or to patience itself

GOVERNEMENT

Government services who communicate with the citizens


These services are available as a SaaS-model integrating our Comcrypto-MXG service in the Cloud.

Management Console for high visibility and transparency

Let’s Collaborate

Visit our products pages to read more about the capabilities and features of products:

Get more information

Download our Factsheets Here German English
Disclaimer:
ComcryptoMXG is a product/service from comcrypto GmbH, Brückenstraße 4, 09111 Chemnitz, Germany.
All rights reserved. The content is protected by copyright!

Sign Up for Our Newsletter!