How to mimic Microsoft secure email

+2 votes

We are using an outside service called SendSafely to replace Microsoft's default encrypted email behavior.

When a user sends an email with SECURE in the subject, those emails are redirected to a mailbox that is monitored by an app built with Mail.dll.

We then encrypt the email with SendSafely and send it using Mail.dll to the parties.

We want to keep a plain-text version of the email and distribute that to internal parties, though.

Microsoft somehow achieves this by encrypting emails to outside parties but delivering a plain-text version to internal parties, while preserving all the email addresses on the From, To and CC lines.

We want to achieve this in any way possible, too, using Mail.dll.

Can you think of a way to distribute the unencrypted version of the email to internal parties while keeping the external party on the email, but the external party only gets the encrypted copy of the email? Or can you think of a way of using the redirect mailbox we have set up to then copy the email to the inboxes of the internal parties rather than solving the SMTP challenge above?
Thanks

by

1 Answer

+1 vote

Basically if you have 2 versions of an email: encrypted and plain, you can send them to different sets of users.

Use SmtpMail class - it represents SMTP envelope of the message. It contains actual recipients that are used by SMTP to deliver a message

(TO:, CC:, BCC headers are normally used to build this list, but those are 2 different things in the end)

You should to something like this:

Create SmtpMail using ctor:

byte[] eml = ....
List<string> tos = new { "to@example.com", "to2@example.com",  }
var smtpMail = new SmtpMail("from@example.com", tos , eml);

or SmtpMail.CreateFrom(IMail email) helper:

var smtpMail = SmtpMail.CreateFrom(email);
smtpMail.To.Clear();
smtpMail.To.Add("to@example.com");
smtpMail.To.Add("to2@example.com");

Use Smtp to send the message to specific recipients only using Smtp class and SendMessage(SmtpMail smtpMail) method.

by (297k points)
I think I understand but I am not sure. So how do you create an email where I show people on the To line and the cc line and everyone sees those names, but only the people on the To line will receive the plaintext email? What would that code look like?
Thank you as always for your help.
by (120 points)
You create an IMail normally.

Use MailBuilder.To and MailBuilder.CC to create To: add CC: email headers (e.g. to1@example.com, and cc1@example.com). This results with IMail with IMail.To and IMail.Cc filled.

But instead of sending IMail, you create SmtpMail from this IMail, clear its SmtpMail.To collection (to1@example.com, cc1@example.com => empty) and add to it only those you want (let say to1@example.com).
by (297k points)
Thanks for your help. We added a few rules to our Exchange Server to catch all emails we want to encrypt and put them in a holding mailbox. Then, we built an application that runs on our local server and polls our Exchange Server and monitors that mailbox above. If it finds an entry, it creates an IMail and a plaintext (for internal users) version of the email and a SendSafely encrypted version (for external users) and sends these out and clears the holding mailbox. Works really well.
by (120 points)
...