D-Compose
With D-Compose an external party can proactively start confidential messaging.
In practice, the service can be linked to the company's Web site or alternatively the message sender must know an address defined for sending (e.g., https://secure.example.com). For example, sender can send secure message to a person or whole department (https://secure.example.com/sales@example.com) in a company without knowing the actual address. The link in the page offers all the information needed. The service is used over protected TLS connection with browser.
- Support address (default: on): Support address for the users to contact can be shown in DCompose either as a link or an image.
The addresses accepted as message senders and recipients can be specified, and user authentication can also be required (strong authentication, self-service registration, SMS-based identification).
Allowed addresses: Addresses or domains allowed in From: and To: --fields can be modified.
Sender authentication (default: off): The use of D-Compose can require sender authentication. Different options are:
Email registration
Single Sign-On (OpenID connect based) [Please note: this can be used only as a stand-alone authentication method]
SMS authentication
Strong SSN based authentication o In email registration sender receives a unique link to e-mail after registration. In Single Sign-On sender authentication is handled "on the fly". In SMS authentication the sender receives a PIN code to a predefined mobile phone number. In Strong SSN based authentication sender has to authenticate him/herself in external SSN based authentication service (same methods are available in D-Compose that are available in D-Envelope).
Life time for registered link (default: 30 days): Life time for registered link can be changed. After that the registered link will expire and will be deleted from the server.
Amount of registration e-mails: Maximum amount (default: 5) of registration e-mails sent to same address within a specified time limit (default: 14 hours) can be defined.
Registration e-mail: The registration e-mail address can be modified.
The user interface language is set according to browser's language settings. Supported languages are English, Finnish, Swedish, Norwegian, Danish, Estonian, Latvian, Lithuanian, Russian and German.
Force user interface language (default: off): Language in user interface can be disabled entirely or forced so that only one language is in use. Normally language is set automatically according to browser settings.
Sender can choose interface language (default: off): Secure message senders can choose to change the interface's language from a dropdown box if this option has been enabled.
In addition, it is possible to offer the sender the desired recipient addresses to select from, thereby forwarding requests for feedback or tenders to the correct e-mail address.
- Recipient drop-down list (default: off): Allowed recipients in D-Compose can be placed to a dropdown list in To-field. Recipient addresses can be defined to show as aliases in a drop-down list, for example sales@domain can be shown as Sales. These aliases can be defined to be named according to language (for example "Sales" in English, "Myynti" in Finnish and "Försäljning" in Swedish). Options are both normal text field and drop-down list or only drop-down list. If both are in use, the alternatives can have radio buttons in front of them so that only one can be chosen.
The message sender can use the service to write a message and add attached files, if necessary. The sent message is transmitted as a normal e-mail message to the recipient's mail box.
Cc and Bcc-fields in D-Compose (default: off): Message can also be sent as carbon copy or blind carbon copy.
Dynamic receiver fields (default: off): Receiver field address will be checked in real-time (options are invalid address form, correct address that is not allowed to receive messages and correct address that is allowed to receive messages). The sender can immediately see if the receiver address is invalid (for example includes Scandinavian alphabets) or if the domain is not allowed to receive messages. Receiver addresses can be edited in their own fields. If the message can be sent in "Registered letter" level, the receiver's GSM number can be placed in its own field.
Address book for registered users (default: off): Registered users can add addresses faster and more efficiently with an address book. System remembers the addresses previously used and suggests them automatically when sender is writing down receiver address (minimum of 3 letters is required). Sender can also select the receivers from an address book in the user interface. In order to use the address book also the dynamic receiver fields must be allowed.
List of receiver addresses in address book (default: none): It is possible to add a list of receiver addresses to the address book of all registered users of D-Compose in addition to the personal address list for each user. These global addresses are managed from D-Center. Receivers in a dropdown list can also be automatically sorted to alphabetical order. This makes it easier to add new receivers to the list.
Signature for registered users (default: off): Registered users can use signature in messages sent from DCompose. Secure Email remembers the previously used signature and provides it automatically.
Allowed MIME/attachment types in D-Compose: Types of allowed (whitelist) or forbidden (blacklist) attachments can be defined using MIME types and file extensions.
Show SMS originator text (default: on): This shows to the receiver that the message is SMS authenticated. Text is placed in the beginning of the actual message.
Require GSM authentication (default: off): Sender must use GSM authentication when sending messages with D-Compose. Recipient's GSM number can be placed to its own field or optionally sender adds the number and '.s' at the end of the e-mail address (for example recipient@domain.tld.040123456.s). The GSM number can be required to be in international format (+xxx/00xxx).
Sensitivity header in D-Compose (default: off): All incoming e-mails sent through D-Compose can have a customized "Sensitivity" header (options are personal, private, company-confidential or none).
Internal max size in D-Compose (default: off): If the size of the incoming message is larger than the internal mail server allows, D-Compose sends a notification message instead of the actual message so that it can be read using D-Envelope application.
Allowed message size for individual user in D-Compose (default: off): The maximum message size that an individual address or domain is allowed to send can be defined.
Request a read receipt in D-Compose: Sender can request a read receipt. The read receipt is delivered as plaintext.
CAPTCHA check (default: off): Captcha can be added to prevent spam messages generated by computers. Even though this has not been a problem so far, there is now a way to prevent attacks in the events where a message can be sent without registration. To ensure that the sent message is not generated by a computer, sender must enter the automatically generated challenge (options are numbers, characters, numbers and characters or simple mathematical equation) to be able to write a message. Style of the image shown can be modified to fit the company image (noise style, size of image, font size, length, text color, noise effect color, background color, curve of the image).
Save sent message in S/MIME encrypted form (default: off): The sender of a secure message can save the message he/she has sent through D-Compose in S/MIME encrypted form, if the sender can provide an S/MIME certificate. In this way only the owner of this certificate can open the saved message, even if it is saved to a shared folder for example.
An outside sender of a confidential message can be strongly authenticated. If the strong authentication is required for the sender in D-Compose he/she has to attempt authentication by using one of the following SSN based authentication methods (methods are configured and enabled by administrator):
BankID (Sweden and Norway)
Finnish Mobile ID
Finnish Trust Network (banking recognition with Signicat or Telia)
Generic OpenID Connect based SSN authentication
NemID
Suomi.fi
BankID authentication in D-Compose (default: off): Sender must use the BankID authentication when sending messages with D-Compose. The authentication text with identity number (options are encrypted identity number, plaintext personal identity number or plaintext truncated number) will be seen in the beginning of the e-mail message sent to the receiver. Customer must have a contract with Svensk eidentitet (Sweden), or Signicat (Sweden and Norway).
Mobile authentication in D-Compose (default: off): Sender is authenticated with Mobile ID. Customer must have an agreement with Elisa.
Finnish trust network authentication in D-Compose (default off): Sender is authenticated with trust network banking recognition (Signicat or Telia OIDC authentication). Customer must have an agreement with Signicat or Telia.
Generic OpenID Connect based SSN authentication in D-Compose (default off): Secure Email supports any authentication services which are following OpenID Connect standard and provide user's SSN. Configuration of the Generic OpenID Connect Authentication requires API specification from the authentication service provider.
NemID authentication in D-Compose (default: off): Sender must use the NemID authentication when sending messages with D-Compose. The authentication text with identity number (options are encrypted identity number, plaintext personal identity number or plaintext truncated number) will be seen in the beginning of the e-mail message sent to the receiver. Customer must have an agreement with Signicat.
Suomi.fi authentication in D-Compose (default: off): Sender must use Suomi.fi authentication when sending messages with D-Compose. The authentication text with identity number (options are encrypted identity number, plaintext personal identity number or plaintext truncated number) will be seen in the beginning of the e-mail message sent to the receiver. Customer must have a contract with Finnish Population Register Centre.
These strong authentication methods work alongside with email registration and SMS authentication methods and provide the name and social security number of the sender. The connection between Secure Email and service provider is established by using standard TLS protocol (https).
Multiweb-compose
Each instance can have multiple D-Compose pages that have different configuration values (for example is the ccfield shown or does using require registration). It is also possible to define allowed sender and receiver addresses to different pages.