Secure Messaging

Learning Center

Back to top

Search Results


This page includes answers to common FAQs around administrating Secure Messaging archiving and storage details. If your question is not answered here, try reviewing the documentation available on this site. If your question is still unanswered, please contact Secure Messaging support:

What is the difference between journaling & archiving?

Journaling refers to capturing information about an electronic message while it is in transit. The journaled message may or may not be encrypted. Archiving, on the other hand, is primarily dedicated for backing up basic and encrypted messages to an off-site location (cloud archive). Archiving does not occur while the electronic message is in transit and users may have access to their own archived (decrypted) messages through a separate interface.

The Secure Messaging platform supports both methods. Notification messages (Encrypted messages, or stubs) can be journaled in transit when they arrive at the customer’s mail server. In order to have the decrypted messages and attachments put into the archive as well, the secure messages must be archived directly from the platform through automatic decrypting-APIs. Once decrypted, it is delivered to an SMTP relay through TLS where the archive provider will now have the encrypted (notification) journaled, and a separate entry with the decrypted secure message. For e-discovery purposes, this proves that a notification was delivered to the recipient, and exposes the content of the secure message in a separate entry.

Microsoft Exchange journaling intercepts outgoing or incoming messages and journals them to a specific archiving address. When sending a secure (encrypted) message, the actual message content is sent encrypted through the Secure Messaging platform. Consequently, Microsoft Exchange will only journal the message notifications that do not contain confidential data. In order to complete the archiving process, the Secure Messaging platform implements a direct method of decrypting and archiving to ensure that the secure message’s content is archived to the third-party archiving provider (cloud or on-premise).

Description of functionality and workflow:
When a secure message is sent, the secure message archiving functionality creates a copy of the secure message as a basic (normal) decrypted email message (server side), with the full message content decrypted in the body and attachments. The archiving system adds the specified archiving mailbox as an “envelope recipient address.”

Then, the system connects to the third-party archiving SMTP server, authenticates via TLS using the mailbox user credentials, and sends this copy of the original secure message, but decrypted. The third-party archiving system then handles the message and routes it to the correct archive location. A TLS connection to the third-party archiving SMTP server is required to ensure that the secure message content is not sent “in-the-clear” via public SMTP relay servers.

Since secure message content is retained by the secure messaging servers, messages can be archived in batches without worrying about content being deleted by users. Secure message content and attachments will be archived even if the secure attachments are deleted, or the message is recalled.

NOTE: It is important that the third-party archiving system does not relay the message to the original recipients since this will send the full message content decrypted.


How does Secure Messaging integrate with third-party email archiving solutions such as Global Relay?

Secure Messaging can sync secure messages to your email archive to maintain any existing compliance monitoring workflows. This is done through an API service directly between Secure Messaging and your archiving solution (such as Global Relay), and all messages are delivered securely over TLS. You can also get assistance from Secure Messaging support if you need help with setup or with obtaining the necessary information from Global Relay.


What is the size limitation on files delivered to a journal mailbox if it is a mailbox and not a third-party archiving platform like Global Relay?

Global Relay only accepts up to 100 MB. For Office 365, the default maximum is 25 MB. Office 365 account admins do, however, have the option to increase that to 150 MB.


I see the archive folder but didn’t see a way that a user would archive an email.  Do you know how a user would archive an email?

The archive folder is to support a legacy feature. A customer can archive all of their messages. We can configure your service to push each message transaction to an archiving service or an Inbox where journaling is enabled.


Are large files sent via Secure Messaging Platform archived?

Yes, the Secure Messaging Platform ensures that even large files are delivered securely into your archive to ensure all compliance requirements are met.


What happens when a file is too large to deliver to an archive or journal mailbox?

If a file is too large, Office 365 will reject the message and it will sit in the failed queue in the archive agent. Admins have access to a list of failed messages in the portal.


How long are messages and attachments retained for?

The default retention policy is indefinite for all data encrypted at rest. Each company portal can set the retention policy in days, months or years. Please note that this policy is applied to each message as they are created and is not retroactive, so it is recommended that you set your desired policy early on.


If a client requires message level retention in their Exchange database backups, how does that work with secure messaging?

A user receives a message stub for sent and received messages. The stub will reside in the Exchange architecture and continue to provide access to the secure message.


Can we expire secure messages automatically?

Yes, messages can be expired automatically after a specified amount of time.


We have clients who must exist in a continuous backup 10-year non-destructible email environment so that, if messages are recalled/shift-deleted/etc., there is still a permanent copy of that item somewhere that can be referenced or searched through for litigation/FOIA purposes. How does that work within the context of your product?

The environment can be configured so that secure messages are never deleted, even if removed from a user’s inbox. Additionally, secure messages can be archived to a third-party archiving system in real time.


Can files be permanently deleted from the server?

Files can be deleted from the server through the Message Retention feature in the admin portal. Secure message content and attachments can be set to be removed from the server after a specified period of time (i.e., 30 days, 6 months, 1 year, etc.). This can also be enabled at any time by sending a request to


If the attachments are deleted from the server, does that mean they are removed completely?

Attachments are stored for recovery/audit purposes even when deleted from the server.


Will the recipient still be able to download files that have been deleted from the server?



How does Secure Messaging ensure data storage compliance with data jurisdiction requirements?

All data (including messages, attachments, and e-signature documents) are stored on a Microsoft Azure server at rest using AES256 bit encryption in 4 MB chunks. The chunk file names are encrypted as is the Azure database reference to re-assemble the file. The files are exchanged securely from the user’s desktop to the Azure server in 4 MB chunks over HTTPS (which allows for large file transfers even for companies that restrict network traffic). The Azure deployment has quarterly security audits performed by KPGM. Enterprise Dedicated Cloud clients can also opt to have their own dedicated database schema and their own SSL certificate, thus isolating the data in storage ever further.


How much space are we allocated for storage?

Allocated storage is 20 GB per 10 users. E.g., three professional users = 6 GB of pooled storage for all users.

NOTE: You can keep sending messages and attachments even if you exceed the above storage amounts. You won’t be prevented from sending secure messages. However, you will be contacted to discuss storage usage options.


How do we get additional storage?

Secure Messaging will resolve the issue of additional storage when or if it becomes an issue. NOTE: You will not be prevented from sending secure messages/attachments if you go over your allocated limit.