Aalto IT Help

View content in another language: suomi

Sending and opening encrypted email messages

Aalto University IT offers all those using Aalto’s Exchange email services an encrypted email service that can be used in connection with outbound email messages. No encryption is used for message traffic within Aalto, unless the recipient’s mail services operate outside of Exchange (such as units’ own mail servers).

The service uses encryption of Adobe Acrobat PDF files, with strong AES-256 encryption. Encrypted messages, including attachments, are delivered in PDF files via a separate proxy server (portal). Since the authorities have not officially approved email encryption, it is not suitable for sending official documents. However, when used in accordance with the instructions provided, it can be used for all other communication at the university.

You can also send encrypted emails with mobile devices. However, opening messages may involve restrictions that are caused by features in the PDF reader of the terminal used (such as support for the encryption technology used).

If you face any challenges in using encrypted email, please report the matter to Aalto University IT’s information security team at: security@aalto.fi.

Before using encrypted email

  • The recipient of the message (the email address) will not be verified. When you send encrypted emails, be careful with the email addresses.
  • A message is encrypted only if the identifier at the beginning of the header row has been written correctly.
  • The strength of encryption is directly dependent on the password of the portal account created by the recipient.
  • The recipient may interpret an arrival notification as a phishing message, so they should be informed about the message before sending it.
  • Encrypted emails can be sent to Aalto only by replying to an encrypted message sent out from Aalto.
  • If the recipient loses their password, the message cannot be opened.
  • Along with the recipient and the reply message, the sender’s portal account is also valid for 30 days.

Sending encrypted email messages

Outlook

  1. Before you send an encrypted email, inform the recipient of the message because the arrival notification may be interpreted as a phishing message.
  2. Open Outlook.
  3. Select New Email.
  4. Click Encrypt in the top left corner. When the Encrypt button is grey, encryption is active.
  5. Write your message in the message field as usual. You can also add attachments to an encrypted email message.
  6. When your message is ready, send it by pressing Send.
  7. Registration for the portal where the encrypted email can be read is valid for 30 days. After 30 days, both the identifier and the password will be deleted. All messages that have already been received can be opened with the password in use at the time of receipt, so you should store the password carefully.
  8. If you continue with the communication, the identifier will be stored for a further 30 days after the transmission of the most recent message.

Webmail, Thunderbird, Mac Mail

1. Before you send an encrypted email, inform the recipient of the message because the arrival notification may be interpreted as a phishing message.

2. Log in to the email service (Webmail, Thunderbird, Mac Mail) and select a new email message.

3. Add the following expression to the beginning of the header row:

AALTO-SECURE:

Please note! There must be hyphen between the words and a colon at the end, as in the example above. No space is required after the colon, and you can use either small or capital letters. If you misspell the expression, the mail will be sent without encryption.

4. Write your message in the message field as usual. You can also add attachments to an encrypted email message. When your message is ready, send the message by pressing Send.

5. Mail encryption works if the expression AALTO-SECURE: is used at the beginning of the header row and if the mail server is mail.aalto.fi.

6. Registration for the portal where the encrypted email can be read is valid for 30 days. After 30 days, both the identifier and the password will be deleted. All messages that have already been received can be opened with the password in use at the time of receipt, so you should store the password carefully.

7. If you continue with the communication, the identifier will be stored for a further 30 days after the transmission of the most recent message.

Opening encrypted email messages

The recipient of the message must use at least Adobe Reader 7.0 or another compatible product (such as PDF-Xchange).

The password of the portal cannot be changed, and you cannot delete their log-in from there by yourself. If you forget the password, the administrator can only delete the log-in details. You can submit a request for such deletion, via email, to: postmaster@aalto.fi.

1. If you have not yet logged in to Aalto’s mail portal, a log-in request will be delivered to you. The log-in request message includes information about the arrival of an encrypted message in three languages (Finnish, Swedish, English), so you can identify the message as an official notification and not mistake it for phishing messages, for example. The notification also indicates the sender of the encrypted email message. The notification does not contain other information, such as the header of the encrypted email message.

2. Log in to the portal mentioned in the arrival notification and create a password. After this you will get an email message with the attachment protected with the password. This attachment contains the sender's original email with attachments.

3. Registration for the portal is valid for 30 days. After 30 days, both the identifier and the password will be deleted. All messages that have already been received can be opened with the password in use at the time of receipt, so you should store the password carefully.

4. If you continue with the communication, the identifier will be stored for a further 30 days after the transmission of the most recent message.

Example:

message

After registering your password from the first email, you should receive another email message that looks like this. It contains a pdf file that is password protected. Save it on your computer first, and then open it with Adobe Acrobat Reader.

enterpassword.PNG

You will then have to enter the password you registered in the first email.

 attachment.png

Any additional attachments included in the email can be found under “Attachments” button in Adobe Acrobat Reader. Left hand side of the screen.

Contact information will be used only in case we need more information about feedback.
Please send only feedback about this instruction. If you have IT-related problems, please send a request to servicedesk@aalto.fi