Email Server Integration

For Organizations

If your organization comprises more than a few individuals, you will probably use your own email domain with email addresses such as 'name@my-company.com'.

In this case, you can use StayPrivate directly from your own email account. All you need to do is to follow the instructions below to add a rule to your email server to route emails securely via StayPrivate.

You can still use the StayPrivate web and mobile apps, but the advantage of a server-level integration is that it enables you to use your existing email clients to send secure emails, making it even easier to use and roll out StayPrivate across your organization.

See below for instructions on how to integrate StayPrivate with Office 365 and G Suite. For Microsoft Exchange Server, navigate to the EAC and follow the Office 365 rules below. For assistance with other email servers, get in touch with us at support@stayprivate.com.

These instructions describe how to use the Office 365 Exchange Admin area to put in place a server-level rule so that all emails containing the keyword '#stayprivate' are sent securely. You can create and combine a range of different rules using the Exchange Admin area. And for more complex rules, it may be easier to use Exchange Online Powershell. There is an example further below.

Step 1 - Log into Office 365 as Administrator and open the Exchange Admin area

  • From your Office 365 home page, select to display All Apps.
  • Select 'Admin'.
  • From the Admin Console, select 'Apps'.
  • In the left-hand menu, select 'Show all'.
  • Scroll down and under 'Admin centers' select 'Exchange'.

Step 2 - Add a connector to the StayPrivate relay server

  • In the left-hand menu, select 'mail flow'.
  • Select the 'connectors' tab.
  • Click on '+' to add a new connector.
  • Under ‘From:’ select ‘Office 365’. Under To: select ‘Partner organization’. Then click 'Next'.
  • Enter the name: 'StayPrivate'. Ensure ‘Turn it on’ is selected. Then click 'Next'.
  • Select 'Only when I have a transport rule set up that redirects messages to this connector'. Then click 'Next'.
  • Select 'Route email through these smart hosts'.
  • Click on '+' to add the StayPrivate smart host.
  • Enter the domain name 'mail2.secure-comm-server.com'. Then click 'Save'. Click 'Next'.
  • Ensure that 'Always use Transport Layer Security...' and 'Issued by a trusted cerificate authority (CA)' are selected. Click 'Next'.
  • Click 'Next'.
  • To validate the connector, click '+' and enter the test email address 'support@stapyrivate.com'. Click 'OK'.
  • Click 'Validate'. Office 365 will validate the new connector. This may take a minute or so. When it has finished, click 'Close'.
  • Click 'Save'.

Step 3 - Add a rule to use the connector

  • In 'mail flow', select the 'rules' tab.
  • Select '+' and 'Create a new rule...'
  • Enter the name 'StayPrivate Rule'.
  • Under '*Apply this rule if...' select 'The subject or body includes'. Then enter the keyword '#stayprivate'. Then click '+'. And click 'OK'.
  • Select 'More options...' from near the bottom left of the form.
  • Under 'Do the following...' select 'Redirect the message to...' then 'then following connector'.
  • Choose the connector 'StayPrivate'. Click 'OK'.
  • Click 'Save'. Your rule will start working within a couple of minutes.

Alternative rules

It is also possible to add rules so that emails sent to certain domains are always private. Simply add a new rule (Step 3 above) and under '*Apply this rule if...' select 'The recipient address matches...' then add domains. For example, you could add several patterns covering some of the most popular free personal email domains: @gmail. @outlook. @hotmail. @yahoo. @aol. @mail. @icloud.

You can add each domain separately. Alternatively you can make use of Exchange Online PowerShell to add a rule directly:

  • Open Windows Powershell.
  • Run the following command: $UserCredential = Get-Credential
  • Log in with your admin credentials.
  • Start a session with the following command: $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
  • Run the following command: Import-PSSession $Session -DisableNameChecking
  • Then, for example, add a rule using the following:
New-TransportRule -Name "StayPrivate Rule" -AnyOfRecipientAddressMatchesPatterns ("@aim.","@alice.","@aliceadsl.","@aol.","@arcor.","@att.","@bellsouth.","@bigpond.","@bluewin.","@blueyonder.","@bol.","@btconnect.","@btinternet.","@btopenworld.","@centurytel.","@charter.","@chello.","@club-internet.","@comcast.","@cox.","@earthlink.","@email.","@facebook.","@free.","@freenet.","@frontiernet.","@gmail.","@gmx.","@googlemail.","@hetnet.","@home.","@hotmail.","@icloud.","@ig.","@inbox.","@juno.","@laposte.","@libero.","@lineone.","@live.","@mac.","@mail.","@mail2","@mail-2-you.","@mailadoc.","@maileme101.","@mailhr.","@mailinator.","@mailmetromedia.","@mailox.","@me.","@msn.","@mypostoffice.","@neuf.","@ntlworld.","@optonline.","@optusnet.","@orange.","@outlook.","@planet.","@protonmail.","@qq.","@rambler.","@rediffmail.","@rocketmail.","@sbcglobal.","@sfr.","@shaw.","@sky.","@skynet.","@sympatico.","@talk21.","@talktalk.","@telenet.","@telia.","@terra.","@throwam.","@tin.","@tiscali.","@t-online.","@tut.","@uol.","@verizon.","@virgilio.","@virgin.","@virginmedia.","@voila.","@wanadoo.","@web.","@windstream.","@wp.","@xs4all.","@yahoo.","@yandex.","@ymail.","@yopmail.") -RouteMessageOutboundConnector "StayPrivate"
  • Finally, don’t forget to log out of the session with: Remove-PSSession $Session

These instructions describe how to put in place two different types of rule: the first ensures that all emails containing the keyword '#stayprivate' are sent securely; and the second ensures that all emails sent to free webmail accounts* are sent securely. You can easily combine these rules and add more of your own.

* This rule uses the domain names of the top 96 free global webmail providers. Our experience is that this list is normally sufficient, but if some of your recipients do use other providers, simply add those too. If you need any help, please contact us at support@stayprivate.com.

(i) Set a keyword-based rule

Step 1 - Open the Gmail Admin area

  • Click on the app launcher icon top right (that's the icon with a grid of nine little dots).
  • Scroll down the list and select 'Admin'.
  • From the Admin Console, select 'Apps'.
  • In Apps Settings, select 'GSuite'.
  • From the list, click on 'Gmail'. This will open the Gmail settings page.

Step 2 - Add the StayPrivate relay mail server as a host

  • Select 'Hosts'.
  • Click on 'ADD ROUTE' to add a new mail route.
  • Enter the name 'StayPrivate'.
  • Enter the hostname 'mail2.secure-comm-server.com' and port '587'.
  • Click 'Save'.

Step 3 - Add the StayPrivate rule

  • Go back to the Gmail settings page by clicking on 'Settings for Gmail' near the top.
  • Scroll down to the bottom and select 'Advanced settings'.
  • Scroll down to the 'Compliance' section, hover over 'Content compliance' and click 'ADD ANOTHER'.
  • Under 'Content compliance' enter a name for rule, such as '#stayprivate'.
  • In '1. Email messages to affect' select 'Outbound'.
  • In '2. Add expressions that...' select 'ADD'.
  • Under 'Content' enter '#stayprivate'.
  • Select 'SAVE'.
  • In '3. If the above expressions match, do the following' under 'Route' select 'Change route'.
  • Click on 'Normal routing' and select 'StayPrivate'.
  • Select 'ADD SETTING'.

Step 4 - Save your settings

  • Click on 'SAVE' bottom right. This is important - otherwise your changes may be lost.

(ii) Set a recipient-based rule

Step 1 - Open the Gmail Admin area

  • Click on the app launcher icon top right (that's the icon with a grid of nine little dots).
  • Scroll down the list and select 'Admin'.
  • From the Admin Console, select 'Apps'.
  • In Apps Settings, select 'GSuite'.
  • From the list, click on 'Gmail'. This will open the Gmail settings page.

Step 2 - Add the StayPrivate relay mail server as a host

  • Select 'Hosts'.
  • Click on 'ADD ROUTE' to add a new mail route.
  • Enter the name 'StayPrivate'.
  • Enter the hostname 'mail2.secure-comm-server.com' and port '587'.
  • Click 'Save'.

Step 3 - Add the StayPrivate routing rule

  • Go back to the Gmail settings page by clicking on 'Settings for Gmail' near the top.
  • Scroll down to the bottom and select 'Advanced settings'.
  • Scroll down to 'Routing' section, hover over 'Routing' and click 'CONFIGURE'.
  • Under 'Add setting' add a name for the rule, such as 'StayPrivate routing'.
  • In 'Messages to affect' select 'Outbound'.
  • In 'Envelope filter' select 'Only affect specific envelope recipients.' Select 'Pattern match' from the dropdown. Then paste the following text into the text field:
(@aim.|@alice.|@aliceadsl.|@aol.|@arcor.|@att.|@bellsouth.|@bigpond.|@bluewin.|@blueyonder.|@bol.|@btconnect.|@btinternet.|@btopenworld.|@centurytel.|@charter.|@chello.|@club-internet.|@comcast.|@cox.|@earthlink.|@email.|@facebook.|@free.|@freenet.|@frontiernet.|@gmail.|@gmx.|@googlemail.|@hetnet.|@home.|@hotmail.|@icloud.|@ig.|@inbox.|@juno.|@laposte.|@libero.|@lineone.|@live.|@mac.|@mail.|@mail2|@mail-2-you.|@mailadoc.|@maileme101.|@mailhr.|@mailinator.|@mailmetromedia.|@mailox.|@me.|@msn.|@mypostoffice.|@neuf.|@ntlworld.|@optonline.|@optusnet.|@orange.|@outlook.|@planet.|@protonmail.|@qq.|@rambler.|@rediffmail.|@rocketmail.|@sbcglobal.|@sfr.|@shaw.|@sky.|@skynet.|@sympatico.|@talk21.|@talktalk.|@telenet.|@telia.|@terra.|@throwam.|@tin.|@tiscali.|@t-online.|@tut.|@uol.|@verizon.|@virgilio.|@virgin.|@virginmedia.|@voila.|@wanadoo.|@web.|@windstream.|@wp.|@xs4all.|@yahoo.|@yandex.|@ymail.|@yopmail.)
  • In 'For the above types of messages, do the following' select 'Modify message' then 'Change route'. Select 'StayPrivate' from the dropdown.

Step 4 - Save your settings

  • Click on 'SAVE' bottom right. This is important - otherwise your changes may be lost.