How do I configure Hushmail Express?

When you send an email to another Hushmail user you have the option to automatically encrypt the message. In addition if you wish to send an encrypted email to a non-Hushmail user you can do so using Hushmail Express. When you send a Hushmail Express message the email message being sent is encrypted and stored on the Hush servers, and the recipient receives an email notification with instructions on how to decrypt and read the email.  Hushmail Express is available to every Hushmail user. Hushmail Business customers who have enabled domain administration are able to customize how Hushmail Express works for all the users on their domain. The following configuration options are available for Hushmail Business customers:

  1. Do not use encryption, instead send the email in plain text.
  2. Allow the sender to make up a secret question and answer. This option allows the sender to optionally make up a secret question answer each time a message is sent.  With this method the recipient is required to answer the secret question to decrypt the message.
  3. Store the email securely, and invite the recipient to read it using Hushmail Express. This option will automatically encrypt messages, and will not require a question and answer to decrypt the message. With this method the recipient decrypts the message by clicking on the link in the email notification message.
  4. Encrypt the message using a generated password, and email the password to a designated email address. With this method the message is automatically encrypted, and the system creates a password to decrypt the message. The password can then be either sent to a designated email address or to the sender of the email who can then communicate the password to the recipient in person, over the phone, by mail or by email. 

In addition to the configuration options above, Hushmail Business domain administrators can configure Hushmail Express to also allow recipients of Hushmail Express messages to create a passphrase for their email address for future use. When a recipient creates a passphrase an encryption key is created for that email address. The system will from thereon automatically encrypt messages to that email address. Hushmail Business Domain administrators have the ability to make passphrase creation mandatory, optional or not allow recipients to create a passphrase at all. Domain administrators also have the ability to allow recipients of Hushmail Express messages to reset their passphrases, doing so however, renders all previous Hushmail Express messages unreadable.

To configure the Hushmail Express settings for your domain follow these instructions:

    1. Open your browser and go to www.hushtools.com
    2. Enter your domain administrator user name and passphrase.

hushtools_express_config_1.png

    1. Click Sign in.

hushtools_express_config_2.png

    1. Click Administrator Tools

hushtools_express_config_3.png

    1. Click Domains

hushtools_express_config_4.png

    1. Click Configure Domain and scroll down to the Hushmail Express section.

hushtools_express_config_6b.png

    1. Chose your Hushmail Express option:
      1. Do not use encryption, instead send the email in plain text.
      2. Allow the sender to make up a secret question and answer. This option allows the sender to optionally make up a secret question answer each time a message is sent.  With this method the recipient is required to answer the secret question to decrypt the message.
      3. Store the email securely, and invite the recipient to read it using Hushmail Express. This option will automatically encrypt messages, and will not require a question and answer to decrypt the message. With this method the recipient decrypts the message by clicking on the link in the email notification message.
      4. Encrypt the message using a generated password, and email the password to a designated email address. With this method the message is automatically encrypted, and the system creates a password to decrypt the message. The password can then be either sent to a designated email address or to the sender of the email who can then communicate the password to the recipient in person, over the phone, by mail or by email. 

Note. Leave the email field empty if you would like the generated password to be sent to the message's sender. If you do specify a password recipient, that email address must be registered to receive secure email.

    1. Chose from the drop down menu whether you wish to allow recipients of Hushmail Express messages to create a passphrase

hushtools_express_config_8.png

 

    1. Chose from the drop down menu whether you wish to allow recipients of Hushmail Express messages to reset their passphrases.

hushtools_express_config_9.png

  1. Click Save you have now successfully configured Hushmail Express.

Click here for help sending a Hushmail Express message

Click here for help reading a Hushmail Express message 

Best Practice for Hushmail Express

 

The default configuration for Hushmail Express requires senders of an email to set a question and an answer as the key to encrypting and decrypting the message. The following should be considered when deciding how to use Hushmail Express and when creating a question and answer combination for a Hushmail Express message.

The best question and answer combinations are those that are of a “shared secret” nature. In other words information that the sender knows and the recipient knows but that is not widely known by parties other than the sender/recipients. Typically this is possible where the sender and the recipient have a pre-existing connection, such as a customer relationship.  It is not recommended that a question/answer combination be used where the answer can be calculated, or otherwise determined through knowledge of fact. Examples of question/answer combinations that can be used are:

  1. Customer account numbers
  2. Customer security code or PIN numbers 
  3. Date of last appointment
  4. Date (or where) person sender met recipient

Where the sender and recipient do not have pre-existing knowledge of each other sufficient to create a satisfactory question/answer combination. Or where you wish to register the recipient email addresses by requiring the recipient create a passphrase so that future communication will be seamless then you should consider using one of the other encryption options such as:

  1. Automatically encrypt the message and send a secure email to the recipient which does not require a passphrase to decrypt the message, but does require that the recipient creates a passphrase for future email correspondence. Subsequent communication will be automatic because when the recipient created their passphrase they created a public key to be used for future communication.
  2. To automatically encrypt the message and send a secure email to the recipient which does require a passphrase to decrypt the message, and also requires that the recipient creates a passphrase for future email correspondence. The system will send the automatically generated passphrase to a separate email address designated by the customer. The passphrase can then be communicated separately, by phone, mail, fax, email or in person to the recipient. Once the recipient has created their passphrase subsequent communication will be automatic because when the recipient created their passphrase they created a public key to be used for future communication.