CipherMail Blog

CipherMail and partners occasionally post interesting things here. Did you know that you can subscribe to our blog feed with an Atom or RSS reader?


Note: we don't publish announcements for patch releases here anymore. Subscribe to our announce mailing list to stay up-to-date.

SMTP Smuggling - Spoofing E-Mails Worldwide

Fri 22 December 2023 / Martijn Brinkers

SEC Consult Vulnerability Lab, Timo Longin discovered a novel exploitation technique for SMTP

CipherMail Gateway and Webmail Messenger are not impacted by the Log4j vulnerabilities

Sun 12 December 2021 / Martijn Brinkers

Friday morning we were notified that Log4j, a popular Java logging library, contains a critical vulnerability that can result in Remote Code Execution (RCE) when a certain attacker-controlled message gets logged. As we use Log4j in CipherMail Gateway and Webmail Messenger, and the vulnerability appeared to be trivial to exploit …

HTML email is now fully supported by the PDF encryption module

Fri 03 December 2021 / Martijn Brinkers

The PDF encryption module of PDF messenger now fully supports HTML email and embedded images.

Automating CipherMail deployments

Mon 05 July 2021 / Imre Jonk

No need to manually edit configuration files and copying them to all cluster nodes anymore, CipherMail is now automated!

Eating our own dog food

Thu 16 July 2020 / Imre Jonk

This article will give some insight in how we use our products ourselves as a way of quality control and testimonial advertising.

CipherMail CVE-2020-12713 & CVE-2020-12714

Thu 28 May 2020 / Martijn Brinkers

Background info on CVE-2020-12713 & CVE-2020-12714

EFAIL: detection and prevention

Sat 19 May 2018 / Martijn Brinkers

EFAIL: detection and prevention

EFAIL: how to detect you are being attacked?

Tue 15 May 2018 / Martijn Brinkers

EFAIL: how to detect you are being attacked?

EFAIL: which is vulnerable? PGP, S/MIME or your mail client?

Mon 14 May 2018 / Martijn Brinkers

EFAIL: which is vulnerable? PGP, S/MIME or your mail client?

Will DANE for SMTP solve all of your GDPR problems?

Wed 09 May 2018 / Martijn Brinkers

The short answer: probably not. The long answer: keep reading.

Encrypted email and archiving requirements

Tue 31 January 2017 / Martijn Brinkers

Desktop email encryption might be conflicting with the requirement to archive email in a readable and searchable form. Placing an email encryption gateway before the archiving system might help to fulfill both requirements.

What does it take for Johnny to start encrypting his email?

Mon 30 May 2016 / Martijn Brinkers

Why are most emails not encrypted? This might be because most email encryption products are too difficult to use. We propose that email encryption should be done at the gateway level.

Using an HSM to protect your encryption and signing keys

Mon 23 May 2016 / Martijn Brinkers

A Hardware Security Module (HSM) can be used to securely store your private keys on a tamper-proof device. This is especially important when using qualified certificates.

Why leaking email addresses is a data breach

Sun 15 May 2016 / Martijn Brinkers

Why leaking email addresses is a data breach and what can be done to prevent the common cc vs bcc mistake.

Encrypted email, spam and the German law

Tue 10 May 2016 / Martijn Brinkers

How to scan incoming encrypted email for viruses and spam and still be compliant with German law.

Waarom Jan zijn e-mail niet versleutelt?

Thu 13 November 2014 / Martijn Brinkers

(in Dutch) Waarom wordt e-mailversleuteling niet vaker toegepast? Hoe je ervoor kunt zorgen dat er vaker wordt versleuteld.

Encrypted email in the cloud

Fri 06 June 2014 / Martijn Brinkers

In a perfect world, email can only be read by the user the email was intended for. In the real world however, things are a bit different.