Mailprogram Integration

Many users prefer to use their standard e-mail program for sending and receiving secure messages. Therefore PrivaSphere Secure Messaging can be integrated into your standard e-mail user interface by the configuring of an additional e-mail account. The user then can choose between the appropriate transmission channels - PrivaSphere Secure Messaging for messages containing personal or confidential information.

Add a new mail account in Outlook

1. Tools > eMail Accounts > Add a new eMail account:

Choose 'POP3' eMail server type and click 'Next>'

2. Configure Internet eMail Settings (POP3):

  • Enter incoming mail server (POP3): .
  • Enter outgoing mail server (SMTP):
  • Enter your PrivaSphere account login (=e-mail address) as "User Name"
  • Enter your PrivaSphere password as "Password"
  • Do NOT check the box for Log on using "Secure Password Authentication" (SPA)
  • Do NOT click on "Test Account Settings" - it will not succeed since PrivaSphere only accepts encrypted connections that will be configured next and it might disclose your PrivaSphere password such you will have to change it immediately thereafter!


3. "More settings ...":

Tools > eMail Accounts > View or change existing e-mail accounts > choose the newly created account > Change > More settings ...

  • General: name Mail Account: 'PrivaSphere Secure Messaging'
  • Outgoing Server: check the box for "My outgoing server (SMTP) requires authentication"


  • "Incoming server (POP3): 995", check the box for "This server requires an encrypted connection (SSL)"
  • "Outgoing Server (SMTP): 25", check the box for "This server requires an encrypted connection (SSL)"
    HINT: if port 25 does not work, take port 465 with SSL (some internet providers block port 25 for encrypted connections)

If your mail program supports not just SSL, but also TLS, then choose TLS. (E.g. Mozilla Thunderbird 1.0 offers this and choosing SSL will change your port to the legacy port 465 instead of 25.)For example with Lotus Notes, choose the legacy port 465 - it will not work with port 25, i.e. with "STARTTLS". This finishes your configuration.Hint: Anti virus software installed on your computer system may interfere with sending secure emails (Symantec Norton, McAfee, etc.). Use Port 465 for the outgoing server (SMTP) instead of port 25 in this case..


  • Prepare a test message.
  • Choose in Accounts 'PrivaSphere Secure Messaging' for transmission
  • Send the message

If you prefer not to configure your mail program yourself, then contact a PrivaSphere representative or partner for additional assistance.

Professional users working from a locked corporate desktop or rigidly closed outbound firewalls might need their IT department to enable the mail account configuration option. Contact a PrivaSphere representative for additional assistance.

Note: Outlook 2016 has a new tutor since release of August 2017. It severely restricts the configuration of new individual accounts.

Use the "Windows System Control" -> "Mail" function for the configuration.

see also:

Send feedback to PrivaSphere

PrivaSphere integration in e-mail clients is - due to the strict adherence to established standards - generally possible, but in particular was tested with the following programs:

  • Outlook 2010 and newer
  • Mozilla Firefox
  • iPhone iOS 4 up to 9.1
  • iPad iOS 4 up to 9.1
  • Lotus Notes Client V.6 and later
  • Entourage 2004 and later
  • Pegasus Mail Client V 4.21c and later
  • Eudora Mail Client 6.1.2. and later
  • Novell GroupWise V 6.5 for Windows and later
  • Macintosh Apple Mail
  • eMail Microsoft PocketPC 2003 and later
  • Nokia Email 10.02 for Symbian OS
  • Android Mail

For detailed configuration information, please contact our hotline -

PrivaSphere Secure Messaging can also be integrated is scanners with mailing functonalities.

Example: Konica Minolta C220

1. Tools >Extras > Accounts:

  • Get the configuration file ‘PrivaSphere Secure Messaging.iaf’ (Attached below)

2. Tools >Extras > Accounts:

  • Open your Outlook Express – go to ‘Extras’ – ‘Accounts’


  • Import the configuration file:




  • Press ‘send – receive’


  • A pop up will open – fill in your eMail address and your password you choosed for your PrivaSphere account



  • You will receive and send your secure emails with your eMail program.

PrivaSphere stellt ein Outlook AddIn zur Verfügung, mit dem die Steuerung von PrivaSphere Secure Messaging und PrivaSphereSignature Service bequem aus Microsoft Outlook erfolgen kann.


Die neue Version enthält den "Descreete PDF Signer" - damit können PDF Dateien direkt im Outlook qualifiziert digital signiert werden.

Siehe Anleitung PrivaSphere Sign & Send

Outlook AddIn V.3.3.2 (15.02.2023):

Microsoft Outlook 2019 / Plus 2019 (32bit und 64bit)

Microsoft Outlook 365 (32bit und 64bit)


Microsoft Windows 10

Microsoft Windows 11

Der Einsatz des Outlook AddIns ist kostenpflichtig - bitte kontaktieren Sie für den Einsatz unser Sales Team:

+41 43 299 55 88

Der Einsatz des AddIns erfolgt auf eigenes Risiko und ohne Gewähr. Die PrivaSphere AG und der Hersteller lehnen jede Haftung ab.

Andere Plugins für Lotus Notes und Thunderbird auf Anfrage.


siehe auch:

To generate the subject tags for PrivaSphere Secure Messaging we found the following Thunderbird Add-On:

Subject Manager is a Thunderbird add-on which allows to manage subjects of emails. The main purpose is to store user-defined subjects and offer a convenient way to insert them into subject field.
For Thunderbird 60.9.1 (32-Bit) and older (see decription of the developper).

Just add the PrivaSphere Subject Tags as shown below.

How to use tha Thunderbird Add-On

The configuration:


Thunderbird AddOn "Quicktext"

Using Thunderbird, Quicktext is a good tool to insert subject tags to messages for triggering PrivaSphere Secure Messaging.


Download standard PrivaSphere configuration file (xml)

tested with: 68.2.2 (32-Bit)




see also:

With PrivaSphere Secure Messaging all emails received can be delivered directly to the recipient’s inbox on its mail server.

The advantages are:

  • Direct delivery of confidential mails to user's mailbox
  • Less pickup invitations and web-logins
  • More mails securely and immediately in user's standard mail client
  • More mails protected with user's standard mail servers malware filtering (virus/spam/...)
  • Included in user's archive
  • Handled by user's deputy rules

The decision whether PrivaSphere delivers the emails to the recipients servers is taken by the individual recipient.

Precondition is a SSL certificate installed on the server that passes preliminary validity tests by the PrivaSphere platform.

! Please have only mails delivered to a ‘normal’ email server if you are sure that the security of your server meets your security requirements for confidential messages!

PrivaSphere does not support this delivery service to free public mail services such as hotmail, gmx, gmail and others due to security reasons.

In ‘My Account’ there is a section ‘Domain mail server (TLS)’

If the user's email server presents a SSL certificate, PrivaSphere will ask the user to judge its appropriateness for delivery. This check is done for the first received email.

PrivaSphere presents the found certificate:

on's domain mail server, found - the following TLS-Server-certificate:  OU=My Company, CN=*, O=*           
The certificate can be viewed in detail or downloaded as file.

Shall PrivaSphere directly deliver your messages (encrypted with the above certificate)? Please choose one of the following options:

Yes please

My confidential contents can securely be deposited into a server receiving mails encrypted with the above certificate.

Please ask later

I first have to check with my security officer/mail administrator.

Do not use this certificate

This certificate is not good. Perhaps a Man-in-the-middle attack? Possibly there are other good ones.

No thanks

I prefer not to use this feature for my confidential e-mail.

After acceptance you will find the setting in ‘My Account’ - ‘Domain mail server (TLS)’.

Change the settings or switch the delivery service off.

If the delivery is switched off, press the green button to reactivate the service:

Receiving an email delivered with asymmetric TLS encrypted

There are two indicators to recognize the delivery of a secure email via asymmetric TLS encryption:


Text in the mail body:

PrivaSphere Secure Messaging inserts a warning in the mail body:


the information is also available in the mail header:

For more information about TLS encryption see:


Make sure that your server is actual and does not send any attachments and message text back without encryption ("bounce") in case of malfunctions or errors. Unless confidentiality is also important for your relationship, it is advisable for the rare cases of internal faults of your mail server to not use bounces but use other alert mechanisms.

Size restrictions on internal redirectsPrivaSphere Secure Messaging delivers mail s up to the size your accepted 'forefront' mail server accepts. If you set up forwarding, you must ensure that the conditions the same (or larger) size restrictions. Otherwise, large emails are not delivered.


See also:

For the domain (with domain integration or asymmetric TLS) delivery or ‘NoStore’ delivery of messages PrivaSphere Secure Messaging checks the maximum size of accepted messages on the receiving server to facilitate the successful delivery.

If the sent email is too big to be delivered it will be split to several partial mails which fit the server’s size restriction. Typically, each message share will contain the number of attachment that just still are likely to be accepted size-wise.

If a single attached file is even too big on its own to be delivered in one message share, it will be split in several ZIP attachments each being put into a share.

To put these files back together, the individual parts must be copied to a local directory to be subsequently assembled with a suitable program back together.

Several ZIP programs can handle split, encrypted ZIP files (as WinZip, 7-Zip and others).

See also:

The PrivaSphere signature and policy management offers a security officer the possibility to

  1. With a few GUI clicks you find out which TLS certificates are visible from your destination domain servers
  2. if you deem a certificate good, with a simple click, you can set the use of the certificate with TLS to this destination mandatory for any transmission to this destination.  (a set of multiple certificates for one destination if they have multiple mail servers is also possible)

 Advanced features:

  • if you use the signature service already, you will be able to see whether the destination certificate was seen PrivaSphere earlier already ("opportunistic TLS" is default at PrivaSphere [see]).
  • quite some domains have alternate domain names (e.g. SIX-group more than a dozen) - often they all use the same set of mail servers. With a few clicks, you only have to approve the TLS certificates once and define other domains as alias domains.

Caveat: This service protects only the domain-to-domain relation. If you want to use the PrivaSphere value added services like 'misrouting protection' or initial authentication with MUC or eGov registered, you need to use the PrivaSphere main platform.




For security admins:

SHA256  as published by a domain admin (example):

As shown in PrivaSphere interface after pressing green OK button:




It's possible to 'grandfather' TLS configurations from an old certificate to a new one.

Conditions préalables

Version Outlook for Web

Les versions et Mac sont compatibles.
Pour les comptes intégrés via IMAP, les Add-Ins .Net ne sont pas supportés par Microsoft Office 365. (Via POP3, les comptes ne peuvent pas être installés en ligne dans Office 365).

Version Outlook pour Windows

•    Outlook 2016 ou plus récent
•    Seules les adresses de messagerie connectées via IMAP ou Exchange/O365 sont installées dans le même profil Outlook (condition pour démarrer le nouvel Outlook).
•    Le compte de messagerie doit être connecté via Exchange ou O365.

Protocole d'envoiAdresse gérée simultanément dans OutlookUtilisation de l'add-in pour l'adresse



Si, pour cette raison, l'add-in .Net n'est pas une option pour vous, nous vous recommandons la version précédente, l'add-in COM. Le développement de celui-ci a été arrêté, mais il a les mêmes fonctions.


Dans le nouvel Outlook, sous "Obtenir des add-ins", il est possible d'ouvrir la boîte de dialogue pour l'installation de nouveaux add-ins.

Si ces boutons ne sont pas visibles, vous pouvez les activer sous Affichage/Paramètres d'affichage/Courrier électronique/Personnaliser les actions peuvent être affichés.

Si cela n'est pas possible non plus, la boîte de dialogue avec login peut être appelée directement via pour Outlook live.

Là, sous "Mes add-ins" ci-dessous, il est possible d'installer des add-ins qui ne sont pas distribués par Microsoft.

Le fichier d'installation s'appelle manifest.xml
Au prochain démarrage d'Outlook, l'add-in sera alors actif.





a) Messagerie

Lors de la rédaction d'un nouvel e-mail, le bouton sous Add-Ins est à votre disposition. Vous pouvez y choisir les fonctions sous "Envoi sécurisé".



b) PDF Signer

Le PDF Signer local "discret" est également disponible dans l'onglet. Le Signer peut accéder à tous les PDF joints au mail.Sous Paramètres, vous pouvez enregistrer les options par défaut à l'étape suivante.


Le signataire vous demande votre login PrivaSphere. Toutes les autres données sont facultatives et vous permettent de configurer votre signature comme vous le souhaitez.
Vous pouvez placer et mettre à l'échelle votre signature vous-même.
La "signature" déclenche alors votre authentification d'identité auprès de Mobile ID.
Les PDF signés reçoivent le complément "-sig" à la fin du nom de fichier.

Plus d'informations sur la signature de PDF ici

c) Vérifier l'e-mail

Saisissez l'adresse dans le champ d'adresse et appuyez sur Vérifier. (L'application web vous demandera peut-être votre login PrivaSphere).
Il vous sera alors directement indiqué si l'adresse vérifiée est interne par rapport à l'adresse de contrôle et si elle est identifiée pour la réception d'e-mails eGov.

Vous trouverez plus d'informations sur le contrôle des e-mails ici



a) Messagerie

Ici, les différentes options de la messagerie peuvent être affichées ou masquées et la valeur initiale de chaque option d'envoi peut être définie.

Ces options peuvent être imposées au niveau de l'organisation et n'apparaissent alors pas pour l'édition.

b) PDF Signer


ici, il est possible de définir tous les paramètres par défaut dans le signeur

Voir aussi :

Il peut souvent être utile de savoir à l'avance si un MUC sera déclenché et si l'on doit remplir l'un des champs, si l'on ne veut pas envoyer soi-même le MUC au destinataire. Ou de s'assurer qu'un destinataire peut également recevoir un e-mail eGov.

Pour cela, la fonction affiche le statut dans une requête web :



- La "query" porte sur l'utilisateur Outlook du 'compte principal' saisi dans FROM.

- La "query" n'est possible qu'à partir d'adresses IP définies/fixes du domaine de l'utilisateur.

- La "query" n'est possible que pour des domaines d'utilisateurs définis.

- Il existe une limite de la "query" par PC et par unité de temps (déterminée au moyen de l'ID unique de l'utilisateur).


Si cette fonction supplémentaire est intéressante pour vous et n'est pas encore disponible, n'hésitez pas à nous contacter au :

Téléphone : +41 43 299 55 88

ou ici