How does the security work?
Each time a user logs in to their account on our email server using POP, IMAP or Webmail, an SSL (or TLS) session is initiated before any login or password information is exchanged and well before any data is transmitted. The SSL/TLS session uses the same security used by banks, credit card companies, PayPal, etc. to make sure online credit card transactions are secure. The server certificates we use are 100% secure like all VeriSign SSL certificates, using RSA-powered TLS (Transport Layer Security). Email sent to outside addresses, i.e. any account outside your own domain or not hosted by 4SecureMail, can be further encrypted and secured by our SecureVault service to maintain compliance with security regulations. Click here for more information.
How does SecureVault work?
SecureVault allows you to send out encrypted email securely to any email address by typing "encrypt:" in the subject line (or other method specified by you). The recipient receives a notification that you have sent them a secure message, along with a link. They can use this secure link to view and reply to the encrypted message on our secure server without any additional configuration on your part. Click here for more information.
How does 4SecureMail help businesses comply with HIPAA, GLB and SOX Regulations?
Employing encryption technology for sensitive email is only one piece of the puzzle to ensure complete compliance of federal security standards, such as HIPAA. Using 4SecureMail for all your mail accounts, you can rest assured that your email is secure and meets guidelines addressed by these regulations. Please note that some regulations require mail archiving in case of data loss, auditing or other purposes. 4SecureMail offers a secure off-site legal archiving service at low additional cost. Contact support for details on this upgrade.
Does 4SecureMail provide a Business Associate Agreement (BAA)?
Some organizations may need a BAA contract for audit purposes. We can provide BBA for you, or if desired, we can review and sign a contract produced by your company.
How much does the service cost?
There is no "lite" version of our service, so all users get a 100% full strength solution. Our competitors charge twice as much for extra security features, such as HIPAA compliance. With 4SecureMail, it is included with every account. The professional plan is as low as $1.39 per month per user. Domain-hosted plans go down to as low as $.42 per month per user. For a single user, the cost is $3.39 per month. All accounts are paid quarterly or annually. Click here for more information.
Can I still use my current email address with 4SecureMail?
4SecureMail Personal & Professional plans provide you separate email accounts with their own address, e.g. email@example.com. You must use this address and account to keep your email secure.
If you own the domain you use for email, our Domain-Hosted plans allow use of your private domain on our server through a simple MX change, which our engineers can do or assist you with. Your website remains unaffected, and no domain registration transfer is required. Once your domain mail is redirected to 4SecureMail, you may use these addresses to keep your mail secure.
Do you support forwarding? What about custom from/reply-to headers?
If you would like to receive email from accounts hosted elsewhere securely, you may forward them to your 4Securemail address. This provides you a level of security on these outside accounts. 4SecureMail also allows forwarding your email to other address(es). And, you may use other addresses in the "From" or "Reply-to" header. However be very cautious. Unless you actually view or retrieve your email from our server, using these methods may not keep all your incoming email secure.
Do you support push email to my mobile device?
4SecureMail fully supports the IMAP IDLE push command for instant new mail notifications to your cell phone. Multiple devices can connect at once as well.
Can I automatically sync contact and calendar information between webmail and my other mail applications and mobile devices?
4SecureMail does not currently support this. However we are exploring future support with synchronization technologies like Microsoft Exchange ActiveSync and the open-standard SyncML. CalDAV calendering is currently in beta testing and should be available soon. In the meantime, you may import your existing contacts manually to webmail. This supports standard CSV and vCard formats.
If I have my own in-house email solution, such as Microsoft Exchange, why would I need 4SecureMail?
Please see here.
My company uses Microsoft Exchange for email, and we are unable to change our MX. Can I still use 4SecureMail?
In this case we recommend using a separate subdomain for the secure mailboxes on 4Securemail, e.g. @secure.yourdomain.com. Then point only the MX for secure.yourdomain.com to our mail server. If this is not acceptable, we do allow a special case where you can have all mailboxes on one domain while keeping your MX as is. Under this configuration, all mailboxes hosted by 4SecureMail must be SecureVault-only, i.e. unsecure regular mail would not be possible with them, and you must use our server when sending and receiving mail with these mailboxes. Since SecureVault always requires the recipient to log into our server to reply, no MX change is needed, and regular email to and from your existing provider/server would remain unaffected.
I want to communicate with our business partners using TLS. Does 4SecureMail support "opportunistic TLS" similar to Exchange when communicating with outside mail servers?
We fully support the same Opportunistic TLS that Microsoft Exchange uses. As long as the outside provider reports that they support TLS in the SMTP handshake, our server will attempt to use it, and this can be verified by looking at the "received" headers in your email. If your partner does not properly advertise TLS or it needs to be otherwise "forced", we can configure it to always enforce TLS when connecting to a specific server. Keep in mind though, to be fully HIPAA compliant, not only do all hops between servers need to be encrypted, but you must also trust the provider of the servers doing the delivering to insure server security.
How secure is the encryption used? What about news reports that the NSA and other goverment agencies can get past the encryption?
4SecureMail supports the latest encryption technologies in all SSL/TLS transmissions. The most secure protocols are supported including TLS v1.2, while obsolete ones such as SSL v2 are disallowed. Perfect Forward Secrecy (PFS) is also used to keep data safe when possible. There are no known compromising exploits or weaknesses in the ciphers we enable for use on our servers.
What is your policy about sharing customers email addresses?
What do I have to download or install to use the service?
Nothing at all. No downloads, no plug-ins, nothing to install.
How do I know 4SecureMail email hosting will work with my PC or my current email software?
It works with all popular systems (and some you have never heard of) that have been released this century (and quite a few from the last century). Please see the list of compatible operating systems and email software clients.
My ISP blocks sending email through remote servers. Will I be able to use 4SecureMail?
Yes. ISPs that block 3rd party SMTP servers almost always block port 25. Our system does not rely on port 25, and port 587 should be used instead. Click here for mail client port configurations.
I need to send large email attachments. Do you have any size limits?
You can send messages with large attachments, up to a total of 5GB summed over all recipients. There is no pre-set size limit on receiving attachments other than the quota limit of your mailbox.
How do I manage my 4SecureMail secure email account(s)?
We provide an email account administration control panel that lets you completely manage all of the user-level functions of your email account. For plans that include multiple accounts, we provide a master email hosting control panel that lets you create, delete, define and manage user email accounts while allowing each individual user to manage all of their own user-level functions. Domain-hosted accounts include a domain admin panel which allows user management, routing & filtering, reports and other domain-level functions.
Do you keep usage logs?
We do not record or log customer or usage data other than what is required for performance and security monitoring of our servers. The minimal information that is logged is deleted as soon as it is no longer needed for these purposes.
Do you support mail archiving?
We support both online and offline mail archiving. For online archiving, you pay only for the extra server storage space you need for your archive. Once exceeded, older messages are overwritten first. For offline archiving, we can carbon-copy all your incoming & outgoing messages to an archive mailbox of your choice. It is then your responsibility to backup and remove these messages off the server as needed using the POP3 or IMAP protocol.
How does the spam filter work?
It incredible! First it checks multiple RBL databases and the SPF protocol to see if the sender is known as a spammer, or if the mail is coming from an email server that is either a known spam server or a machine that is not properly secured to prevent spam. Then it processes incoming messages through the powerful Spam Assassin system. As a third step, suspicious messages can be challenged by the Friends system, giving senders an opportunity to prove their message is not spam. Using a combination of these systems allows a user to actually stop 100% of spam without false positives.
How does the virus protection work?
We use a powerful server-based system provided by Avast. This system is certified by ICSA, the same certification authority that approves systems for MacAfee, Norton and a few other major players. Only trust ICSA-Certified virus scan systems. The system is installed on our email servers, so users don’t have to worry with administration or updates.
Is the service anonymous? Do you forward my IP address?
It is very private and anonymous. Whether you use Webmail or a mail client, we never forward IP information, so it is not possible for anyone to determine the senders location or service provider. And, only a court order can obtain information about who owns an account. If you wish to register your account with us anonymously, that’s OK but it makes sign-up a little more complicated so contact our support department if this is your requirement. No court can order us to provide what we don’t have. We don’t keep copies of email, or a listing of to whom users have sent email, or have received email from.
Can I customize 4SecureMail with my company logo or change the look of certain screens?
A custom logo is allowed with domain plans for an additional charge. Other customizations are possible too. Contact us for more details.
Do you have resellers?
We have do have a reseller program which allows you to resell our domain plans on your own site. Contact us for more details. We'd be happy to work with you.
Where are 4SecureMail email hosting services available?
4SecureMail secure email hosting services are available worldwide to holders of major credit cards, however only U.S. currency is supported at this time. Customers without credit cards can be supported by check, money order or electronic transfer, such as Western Union.
Where are the 4SecureMail email servers located?
The 4SecureMail email servers are located in a secure data center in Dulles, Virginia, USA.
If I am using a free mail account like Gmail, Yahoo, Hotmail etc., why would I need to pay for an account?
Many reasons.. Please see here.
What is secure Webmail?
Secure Webmail uses a browser, like FireFox or MS Internet Explorer to access an email account through a web site operated by the email provider. A secure Webmail account is a Webmail account that uses SSL security to protect the messages from 3rd party monitoring. Providers of free webmail accounts, such as Yahoo, are not secure.
What is secure POP and SMTP email?
This is email that is transported using SSL encryption between the email server and the email client. If both clients (the sender and the receiver) are both users of the secure email server, the message is fully secure end-to-end. Even if the “other end” of the connection is not secure, the secure email user is still protected from local snooping, sniffing or monitoring that can occur within the local network, by government agencies, at the ISP or at routers along the way. For end-to-end security to outside addresses beyond the secure server, we offer our exclusive SecureVault service.
Why does a user need SSL encryption?
Same reason that websites accepting MasterCard and VISA use it. SSL transport prevents snoops from seeing the message headers (From, To, Subject fields) and prevents message content interception on the way to/from the mail server while sending/receiving email. This part of the route is most critical for compromising the email privacy of a sender since local authorities like ISP/company staff, hackers or government agencies can most easily monitor it.
What if I use PGP or S/MIME for email encryption?
4SecureMail supports and supplements PGP or S/MIME encryption. Even if you encrypt email messages with PGP or S/MIME, the message headers still remain open. "To:", "From:", "Subject:" etc. header fields may disclose your identity and contain confidential information. Using a 4SecureMail encrypted tunnel to transport these messages creates an even higher level of security. PGP encryption is supported directly within 4SecureMail classic WebMail interface.
Do you allow the sending of UCE (Unsolicited Commercial Email – Spam)?
Do you allow bulk mailing?
Bulk mailing to a legitmate mailing list of clients wishing to receive your mail is acceptable as long as the email is not illegal or deceptive in any way. Forged from addresses, encoded text, and mail written specifically to evade spam filters are just some examples of unacceptable bulk mailing. If you plan to bulk mail, you must contact support with information about your list so that we can approve it and remove the bulk limitations. Additional charges may apply based on volume.
Why do I need 4SecureMail in the workplace?
4SecureMail protects your emails. If you are the boss, it protects you from nosey or vindictive employees. If you are an employee, it protects you from your nosey boss or co-workers. It also protects your entire company from lawsuits, competitors, bad press and a host of other problems that can occur when email is not secured. Plus it will stop spam or virus at the email server, so you don’t have to deal with it.
I have my own domain/website hosted with a hosting company/ISP. How will this be handled if I sign up with you for secure email?
Nothing will change about the way your existing website or domain is handled. We have a lot of experience with this, because all of our business customers use their own domain name. For all email domains, there is a DNS entry that tells the world where your email account is located, for example https://mail.yourdomain.com. A simple MX (Mail Exchange) record update is all that is needed. Your website can continue to be hosted where it is now, or be moved to another location. We are secure email specialists, and we don’t do website hosting because it is not our specialty. And likewise, most hosting companies don’t specialize in secure email. Think about it - would you go to a brain surgeon for a heart transplant?
If I don’t have my own domain, can you help us get one?
Yes. Just contact our Support Department, and we can help you register a domain. This typically costs $15/yr.
What happens during the time while may email domain is being moved, will I lose any emails?
Excellent question. We employ a special Migration System that manages the process by checking your email at both locations until the cutover is complete, and consolidating all emails in the new location. Very few email providers can offer a migration service, so many times a user’s email is lost when moving email accounts because this type of precaution is not taken. We are specialists at this, and we won’t lose any of your emails.
Do I need any special skills or training to manage our 4SecureMail secure email accounts?
Not at all, it is a very simple and intuitive interface. Plus, you can contact technical support with any questions.
How do I sign up for a 4SecureMail account?
Applications are submitted online through our website here. Select a subscription plan and follow the links to our secure site to make payment. Keep in mind, credit card charges are submitted as authorizations, so the charge may not immediately appear on your statement.
Why don't you provide a number for sign-up or support?
To keep our prices low, most support is done through email and sign-up's are handled online. Support email is usually answered within 24 hours. However, we do provide a 24-hour support number on request to clients of our domain-hosted Enterprise plan.
How do I pay for 4SecureMail secure email hosting service?
We accept credit cards online for all transactions, which must be paid in advance. You may also pay by check, money order or electronic transfer, such as Western Union. Please contact us in advance if making any payment not by credit card.
Does 4SecureMail send out invoices?
No paper invoices are sent out. We email your account two weeks before it is due so that you can make payment. Accounts past due become log-in restricted automatically until payment is made. Accounts 90 days past due are cancelled. You can check your account status, view invoices and change billing information through our online billing interface.
Who is 4SecureMail LLC?
4SecureMail LLC is located in Virginia Beach, VA. 4SecureMail is a secure email hosting company, privately and locally owned by retired ISP industry veterans.
|Compare Service Plans|
|How It Works|
|Take A Tour|