Email Server Integration

For Organizations

If your organization comprises more than a few individuals, you will probably use your own email domain with email addresses such as ''.

In this case, you can use StayPrivate directly from your own email account. All you need to do is to follow the instructions below to add a rule to your email server to route emails securely via StayPrivate.

You can still use the StayPrivate web and mobile apps, but the advantage of a server-level integration is that it enables you to use your existing email clients to send secure emails, making it even easier to use and roll out StayPrivate across your organization.

See below for instructions on how to integrate StayPrivate with Office 365 and G Suite. For Microsoft Exchange Server, navigate to the EAC and follow the Office 365 rules below. For assistance with other email servers, get in touch with us at

These instructions explain how to put in place a server-level rule so that all emails containing the keyword '#stayprivate' are sent securely. You can also, of course, choose a different keyword, or put in place more complex rules.

Step 1 - Log into Office 365 as Administrator and open the Exchange Admin area

  • From your Office 365 home page, select to display All Apps.
  • Select 'Admin'.
  • From the Admin Console, select 'Apps'.
  • In the left-hand menu, select 'Show all'.
  • Scroll down and under 'Admin centers' select 'Exchange'.

Step 2 - Add a connector to the StayPrivate relay server

  • In the left-hand menu, select 'mail flow'.
  • Select the 'connectors' tab.
  • Click on '+' to add a new connector.
  • Under ‘From:’ select ‘Office 365’. Under To: select ‘Partner organization’. Then click 'Next'.
  • Enter the name: 'StayPrivate'. Ensure ‘Turn it on’ is selected. Then click 'Next'.
  • Select 'Only when I have a transport rule set up that redirects messages to this connector'. Then click 'Next'.
  • Select 'Route email through these smart hosts'.
  • Click on '+' to add the StayPrivate smart host.
  • Enter the domain name ''. Then click 'Save'. Click 'Next'.
  • Ensure that 'Always use Transport Layer Security...' and 'Issued by a trusted cerificate authority (CA)' are selected. Click 'Next'.
  • Click 'Next'.
  • To validate the connector, click '+' and enter the test email address ''. Click 'OK'.
  • Click 'Validate'. Office 365 will validate the new connector. This may take a minute or so. When it has finished, click 'Close'.
  • Click 'Save'.

Step 3 - Add a rule to use the connector

  • In 'mail flow', select the 'rules' tab.
  • Select '+' and 'Create a new rule...'
  • Enter the name 'StayPrivate Rule'.
  • Under '*Apply this rule if...' select 'The subject or body includes'. Then enter the keyword '#stayprivate'. Then click '+'. And click 'OK'.
  • Select 'More options...' from near the bottom left of the form.
  • Under 'Do the following...' select 'Redirect the message to...' then 'then following connector'.
  • Choose the connector 'StayPrivate'. Click 'OK'.
  • Click 'Save'. Your rule will start working within a couple of minutes.

Alternative rules

It is also possible to add rules so that emails sent to certain domains are always private. Simply add a new rule (Step 3 above) and under '*Apply this rule if...' select 'The recipient address matches...' then add domains. For example, you could add several patterns covering some of the most popular free personal email domains: @gmail. @outlook. @hotmail. @yahoo. @aol. @mail. @icloud.

You can add each domain separately. Alternatively you can make use of Exchange Online PowerShell to add a rule directly:

  • Open Windows Powershell.
  • Run the following command: $UserCredential = Get-Credential
  • Log in with your admin credentials.
  • Start a session with the following command: $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $UserCredential -Authentication Basic -AllowRedirection
  • Run the following command: Import-PSSession $Session -DisableNameChecking
  • Then, for example, add a rule using the following:
New-TransportRule -Name "StayPrivate Rule" -AnyOfRecipientAddressMatchesPatterns ("@aim.","@alice.","@aliceadsl.","@aol.","@arcor.","@att.","@bellsouth.","@bigpond.","@bluewin.","@blueyonder.","@bol.","@btconnect.","@btinternet.","@btopenworld.","@centurytel.","@charter.","@chello.","@club-internet.","@comcast.","@cox.","@earthlink.","@email.","@facebook.","@free.","@freenet.","@frontiernet.","@gmail.","@gmx.","@googlemail.","@hetnet.","@home.","@hotmail.","@icloud.","@ig.","@inbox.","@juno.","@laposte.","@libero.","@lineone.","@live.","@mac.","@mail.","@mail2","@mail-2-you.","@mailadoc.","@maileme101.","@mailhr.","@mailinator.","@mailmetromedia.","@mailox.","@me.","@msn.","@mypostoffice.","@neuf.","@ntlworld.","@optonline.","@optusnet.","@orange.","@outlook.","@planet.","@protonmail.","@qq.","@rambler.","@rediffmail.","@rocketmail.","@sbcglobal.","@sfr.","@shaw.","@sky.","@skynet.","@sympatico.","@talk21.","@talktalk.","@telenet.","@telia.","@terra.","@throwam.","@tin.","@tiscali.","@t-online.","@tut.","@uol.","@verizon.","@virgilio.","@virgin.","@virginmedia.","@voila.","@wanadoo.","@web.","@windstream.","@wp.","@xs4all.","@yahoo.","@yandex.","@ymail.","@yopmail.") -RouteMessageOutboundConnector "StayPrivate"
  • Finally, don’t forget to log out of the session with: Remove-PSSession $Session

These instructions explain how to put in place a server-level rule so that all emails* sent from your domain to free webmail accounts are sent securely.

* This rule uses the domain names of the top 96 free global webmail providers. Our experience is that this list is normally sufficient, but if some of your recipients do use other providers, simply add these domains into the list below. If you need any help, please contact us at

Step 1 - Open the Gmail Admin area

  • Click on the app launcher icon top right (that's the icon with a grid of nine little dots).
  • Scroll down the list and select 'Admin'.
  • From the Admin Console, select 'Apps'.
  • In Apps Settings, select 'GSuite'.
  • From the list, select 'Gmail'.

Step 2 - Add the StayPrivate relay mail server as a host

  • Scroll down to the bottom of the list of settings and select 'Advanced settings'.
  • Select the 'Hosts' tab.
  • Click on 'ADD ROUTE' to add a new mail route.
  • Enter the name 'StayPrivate'.
  • Enter the hostname 'secure-comm-server' and port '587'.
  • Click 'Save'.

Step 3 - Add the StayPrivate email router

  • In the 'Advanced Settings' page, select the 'General Settings' tab.
  • Scroll down to 'Routing' section and click 'CONFIGURE'.
  • In 'Messages to affect' select 'Outbound'.
  • In 'Envelope filter' select 'Only affect specific envelope recipients.' Select 'Pattern match' from the dropdown. Then paste the following text into the text field:
  • In 'For the above types of messages, do the following' select 'Modify message' then 'Change route'. Select 'StayPrivate' from the dropdown.

Step 4 - Save your settings

  • Click on 'SAVE' bottom right. This is important - otherwise your changes may be lost.