Skip to content Skip to navigation

How Secure Email Works

Overview

Secure Email is designed for faculty and staff who need to send Prohibited, Restricted, or Confidential Data via email.

Any messages sent through the primary group of outgoing mail servers with the word "Secure:" somewhere in the Subject line of the message — it doesn't matter if it's at the beginning, middle, or end, as long as it's there somewhere — will be processed by the Secure Email service.

The service uses two different methods to insure the messages it handles are delivered securely.  The method used depends on the destination address where the message is delivered:

  • Mail sent to Trusted Domains

    Some internal email systems have been designated as "Trusted Domains" for Secure Email purposes.  Communication to and from these systems is guaranteed to be encrypted, so the messages can securely pass through to those systems like any other email message.

    The following have been designated as trusted domains: stanford.edu (provided the account has not been forwarded to an external or departmental address), stanfordmed.org, lpch.org.

  • Mail sent to Untrusted Domains

    Messages that are sent to addresses that are not a member of a trusted domain (including @stanford.edu addresses that are forwarded to external or departmental addresses) are encrypted and sent to the recipient as an attachment called securedoc.html. The recipient must open the message and enter the password that they created when they registered their email address with the Cisco Registered Envelope Service (CRES).

Sent From Delivered To Result
@stanford.edu, @lpch.org, @stanfordmed.org @stanford.edu, @lpch.org, @stanfordmed.org The message opens normally and recipient can read it right away without having to enter another password.
@stanford.edu, @lpch.org, @stanfordmed.org @gsb.stanford.edu or @stanford.edu for Graduate School of Business faculty, staff, and students

The message is encrypted when it leaves the Stanford trusted domain and appears to the recipient as an email attachment. Recipients need to enter their email address @zm88.stanford.edu and a password to access the message.

@stanford.edu, @lpch.org, @stanfordmed.org

Stanford email that is forwarded — either to a department server or to an external account such as Gmail

Non-Stanford email account

The message is encrypted when it leaves the Stanford trusted domain and appears to the recipient as an email attachment. Recipients need to enter a password to access the message.

Recipient (external to Stanford) replying to or forwarding a secure message @stanford.edu, @lpch.org, @stanfordmed.org As long as "Secure:" is somewhere in the Subject line of the message, the message is sent securely.

Tips

  • The way for a Stanford recipient to tell whether a message was sent using the Secure Email service is to look for "Secure:" somewhere in the Subject line. If "Secure:" is in the Subject line, the email was routed through the Secure Email server.
  • Stanford senders should always include "Secure:" in the subject when sending Prohibited, Restricted, or Confidential Data via email. Even if the original message is sent to a presumably trusted domain, the sender cannot be sure of the automatic mail-forwarding settings of the recipient. Including "Secure:" in the subject ensures that the message will be encrypted if the recipient's mail leaves Stanford's trusted set of domains.
  • You do not need to register your Stanford Email account (or that of other trusted domains such as @lpch.org or @stanfordmed.org) in order to read secure email. It arrives in your Inbox as any other message. Email sent within the Stanford email system is already encrypted.
  • If you believe you are receiving secure email through a Stanford Email account but the messages appear as encrypted attachments, the messages have left the Stanford Email and Calendar service. It's possible that you are receiving your Stanford email via a department server using an alternate address.(Symptom: You can see the email in Webmail, but not in a desktop client.) Please contact your local IT Support for more information about your final destination address.
  • In order to reduce the risk of unauthorized access to Stanford University Prohibited and Restricted Data, email that contains Prohibited or Restricted Data may only be received on Stanford mail servers. If, in your role at Stanford University, there is any chance that you might receive Prohibited or Restricted Data via email, please do not have your email forwarded automatically outside of the Stanford Email account system. For example, you should not forward your Stanford email to a Gmail or Yahoo email address. Take a moment to check StanfordYou to confirm your settings.
Last modified September 12, 2011