4 Replies Latest reply on Jul 28, 2016 2:57 PM by lizbogan

    Email Encryption



      I need help with sending encrypted emails from FileMaker.  I'd like to look at two options - sending emails securely with SSL, and encrypting the email contents.
      1) When sending email via SMTP in FileMaker, we are warned that “FileMaker cannot perform a certificate check to verify that the server that you specify is the server that replies”.  I don’t know how to gauge this risk.  Can Outlook and Mac Mail perform certificate checks?


      2) If my client wants to encrypt the email content with encryption keys, I know FileMaker is going to need help.


      - I could send emails via the user’s email client, which presumably will be set up to handle this.  There are minor complications here, with designating the “From” address to be different from the user’s email address.


      - I will be backing a PHP website with the database.  The PHP developer can send encrypted emails if I pass him the filename of the encryption key (the keys would be stored on the web server machine).  Is there any way for me to leverage this from within FileMaker?


      - I don’t know what’s possible on the IT end.  It’s a small, five person company.  But is it possible IT could set up a web server that would handle the encryption, and that would take the task of encrypting off of FileMaker?


      Thank you!



        • 1. Re: Email Encryption

          There are plugins you can use with FileMaker for encrypting/decrypting. See BaseElements or MBS (MonkeyBreadSoftware) for examples.

          • 2. Re: Email Encryption

            Plugins can also do several attachments.


            And if you pass the certificate file for the server to MBS Plugin, it will not connect if someone creates his own valid certificate for a man in the middle attack.

            • 3. Re: Email Encryption

              Thank you, Philip and Christian!  I'm looking into both of the plugins right now...

              • 4. Re: Email Encryption

                For anyone searching the archives, my original post has outdated information.  I was referring to knowledge base articles that hadn't been updated for FileMaker 15 (but mistakenly said they applied to FM15). 


                The FM15 online help says:


                FileMaker Pro verifies the SSL certificate of an SMTP server that is using an encrypted connection. If the certificate cannot be verified, users can choose to connect anyway or cancel to skip this script step. If the certificate cannot be verified and the Set Error Capture script step is set to On, this script step behaves as if the server were unavailable. If the certificate cannot be verified in server-side scripts, Custom Web Publishing, and FileMaker WebDirect, this script step behaves as if it had been canceled by the user.





                I called Tech Support, who checked with the engineers, and reported back to me that for FM15:

                You can ignore the note on article 6991 and look at the help file


                So FileMaker 15 does perform certificate checks when sending email via SMTP.