GDPR Compliance - Anyone use Frama Rmail?

Does anyone use Frama Rmail and would you recommend it?

Frama Rmail - Does anyone here use it and is it really as good as it sounds?

Currently we PDF all sensitive data and password protect it before emailing it to clients. We've taken this approach to ensure we are GDPR compliant as obviously emails are completely unsecure. 

However, this method requires us to contact the client with the password to open the attachment and it takes some extra time PDFing and password protecting everything. The IFA have recommended looking into Frama Rmail. Apparently it allows you to send emails & their attachments completely encrypted, 100% safe and GDPR compliant, allows for electronic signatures from your clients and provides you with proof of delivery and opening. And apparently your client doesn't use a password to unlock the email - it identifies when it's arrived at the correct place and unencrypts ready for the client to read as if it were a standard email.

This sounds great and like a huge time saver but is it really as good as it sounds? I'd love it if someone who actually uses it could provide some feedback before we sign up. Thanks.

Replies (6)

22nd Apr 2019 16:52

We have used it for a year - it does work, but... there are instances on mobile devices where there are problems, and BT email addresses. It does sometimes generate a password that usually occurs with Apple devices. But we have signed up for year two.

Thanks (1)
By johnhemming
22nd Apr 2019 18:11

Email, if implemented properly, does have end to end encryption. If you want to have proof of opening then there are challenges under GDPR: anything like a web beacon which occurs without permission could put you at risk of a GDPR fine.

There is, of course, an issue with email which is that you can send things to the wrong person (or lots of wrong people).

I don't know anything about this specific software product, but it is best to be careful about the issue of knowing when people have read things. They need to opt in to this (which is possible with the read receipt which is available as part of normal email).

Thanks (0)
By elliottchandler
01st May 2019 23:33

Microsoft Office 365 has the option to send emails securely. It will encrypt the entire message.

Thanks (0)
Replying to elliottchandler:
By johnhemming
02nd May 2019 07:00

The issue, of course, is that the person receiving the email has to have a compatible decryption system.

You have two options:
a) To encrypt the email itself (or for example to attach a PDF or word document that is encrypted) ... or

b) To have the email communications (SMTP) encrypted. Port 25 is used initially for unencrypted communications. In the mid 1990s I got port 465 allocated for SSL communications (when I was doing a lot of cryptography, but before I concentrated on politics), but that moved on to having the communication potentially encrypted part way through with STARTTLS which also uses port 587.

If your mail client is up to it you can specify that the email must go through encryption. However, you need to be careful as some ISPs have done what are called man in the middle attacks and have trapped the email communication part way through (without a valid certificate, however).

Gmail is quite good at handling this, but I don't know what most of the other systems do. Microsoft probably do it right, but I have not checked.

I don't know what Rmail do.

Thanks (1)
Replying to johnhemming:
By adam kay
02nd May 2019 16:07

Yeah, I have heard about these "man in the middle" attacks. It's things like that which have made us look into secure email services.
Rmail guarantee the email's security all the way to the receiver and the receiver doesn't need to have their own decryption system in place so I think we're going to give it a go. It should save us time not having to password protect everything we send.

Thanks for your help.

Thanks (0)
Replying to adam kay:
By johnhemming
02nd May 2019 16:50

What the ISPs did was really naughty as they didn't tell their users they were doing this. (It wasn't in the UK).

Google do quite a good job of tracking the encryption status of emails as they pass from server to server. What you need to do is to look at the email headers.

Doing this properly and in a way that does not undermine the operation of a business is quite technically difficult because it involves an interplay between various SMTP servers and the various mail clients.

I have seen implementations (not Rmail) which make a real hash of it by sending mail that cannot be encrypted to a web server where it gets stored for people to read it. The problem is that people don't always read it and that can itself cause problems. In my case it involved litigation where documents were not received because of the way in which the mail system operated.

Thanks (0)
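
The header check mentioned in the reply above, as an added example that is not part of the original thread: it reads a message's `Received` headers and reports which server-to-server hops were recorded without TLS, using the RFC 3848 `with` protocol keyword (`ESMTPS` versus `ESMTP`). The sample message, hostnames and function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample (hostnames and addresses are illustrative). Newest hop is on top.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
    by store.recipient.example with ESMTPS id c3; Thu, 02 May 2019 16:50:04 +0000
Received: from relay.isp.example (relay.isp.example [203.0.113.9])
    by mx.recipient.example with ESMTP id b2; Thu, 02 May 2019 16:50:03 +0000
Received: from out.sender.example (out.sender.example [192.0.2.25])
    by relay.isp.example with ESMTPS id a1
    (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
    Thu, 02 May 2019 16:50:01 +0000
From: adviser@sender.example
To: client@recipient.example
Subject: constructed sample

body
"""

# RFC 3848 "with" protocol types: an S after ESMTP/LMTP means TLS was in use.
WITH_RE = re.compile(r"\bwith\s+((?:UTF8)?(?:E?SMTP|LMTP)(S?)A?)\b", re.I)
FROM_RE = re.compile(r"\bfrom\s+(\S+)", re.I)
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)

def _first(regex, text):
    m = regex.search(text)
    return m.group(1) if m else None

def hops(raw_message):
    """Return one dict per Received header, oldest hop first."""
    msg = message_from_string(raw_message)
    result = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())          # unfold continuation lines
        w = WITH_RE.search(flat)
        result.append({
            "from": _first(FROM_RE, flat),
            "by": _first(BY_RE, flat),
            "protocol": w.group(1).upper() if w else None,
            # None = header did not say; False = server recorded a plaintext hop
            "tls": bool(w.group(2)) if w else None,
        })
    return result

def plaintext_hops(raw_message):
    """Hops whose receiving server recorded SMTP/ESMTP/LMTP without TLS."""
    return [h for h in hops(raw_message) if h["tls"] is False]

if __name__ == "__main__":
    for h in plaintext_hops(SAMPLE):
        print(f'{h["from"]} -> {h["by"]} via {h["protocol"]}')
```

Each `Received` line is written by the server that accepted the message, so lines added before the message reached a server you trust can be forged; treat the result as a diagnostic, not proof.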