Email Security Policies

Introduction

Zivver offers the Sender and their Organization different verification methods to make sure that information is sent with the right level of protection. These methods range from asking the Recipient to enter an SMS code before the message can be read, to delivering the information so that it is directly readable. With these methods, organizations can exchange information securely with minimal impact on their work processes. An Organization sets up its own Email Security Policy in Zivver. This policy can consist of a mix of verification methods, from which End Users select the right one for their message. Some verification methods are applied automatically, while others can be selected manually. Which methods are applicable to a specific message depends on the type of information that is exchanged, but also on the Sender and/or the Recipients: for example, the highest level of security is not always possible or necessary. This document explains the different verification methods, so that an organization can set up its own Email Security Policy in Zivver.

Verification Methods

When a Zivver message is sent, the following Verification Methods may be applied to that message. These methods are divided into the options Basic, Special and Transport Security Compliance.

Basic Verification Methods

  • Zivver
  • SMS code
  • Access code
  • Verification email

Special Verification Methods

  • NTA 7516
  • Inbound Direct Delivery

Transport Security Compliance

  • TLS
  • PKIX
  • PANE
  • DANE

Basic Verification Methods

The following Verification Methods are part of the basic set of methods that Zivver offers to Organizations out-of-the-box.

  • Zivver
  • SMS code
  • Access code
  • Verification email

In the sections below each method is explained. In the chapter Setting up an Email Security Policy you will learn how you can enable or disable a specific verification method for your organization.

Zivver

When the Recipient has a Zivver account, the message can be read after logging in to Zivver. This Verification Method is therefore applied automatically whenever the Recipient has a Zivver account, either a free Zivver account or an account that belongs to an Organization. Every Zivver account is protected with two-factor authentication (2FA), so the Recipient can only read the message after logging in to Zivver and completing the second factor. The sensitive information is not delivered in the inbox of the Recipient; a notification message is delivered instead.

As this method is applied automatically, the End User cannot change it to a different method.

SMS Code

When a message is protected with an SMS code, the Recipient can read the message after entering the SMS code received on a mobile number. Using this method therefore protects the message with two-factor authentication (2FA): the notification arrives in the mailbox and the code arrives on the phone. The sensitive information is not delivered in the inbox of the Recipient; a notification message is delivered instead.

This Verification Method can be used when the mobile number of the Recipient is known before the message is sent. There are different ways in which a message can be protected with an SMS code:

  • In the Address Book of Outlook there is a mobile number available for the Recipient. This number is automatically selected to protect the Zivver message with an SMS code.
    This option is only available when using Microsoft Outlook for desktop together with the Zivver Office Plugin.
  • The Sender enters a new mobile number for the Recipient.
  • The Recipient has received and read a message from the Sender before, and that message was protected with an SMS code. Because the mobile number that was used is automatically stored in the personal Zivver Contact Book of the Sender, it is automatically selected for a new message.
  • In the Organization's Shared Contact Book in Zivver there is a mobile number known for the Recipient. This number is automatically selected for a new message.

Zivver clients might ask the Sender to enter the mobile number of the Recipient, so that SMS code verification can be applied automatically.

Access Code

When a message is protected with an Access Code, the Recipient can read the message after entering the Access Code. The sensitive information is not delivered in the inbox of the Recipient; a notification message is delivered instead.

This Verification Method can be used when the Access Code can be shared with the Recipient without emailing it. The Access Code is not a password that must meet complexity requirements. Instead it is a code that the Sender shares with the Recipient, for example while talking face-to-face or over the phone. Because the code is not required to be complex, its protection depends on the code being known only to the Sender and the Recipient.

If it is not possible to exchange the Access Code with the Recipient upfront, the Sender can instead communicate a hint automatically. The hint tells the Recipient what the Access Code could be, for example that the Access Code is the Patient Number of the Recipient, which can be found on the Patient Card of the hospital. The hint is shown to the Recipient on the screen where the Access Code must be entered to read the securely received message. Note that a hint only helps when the hinted value is not easily obtainable by others: anyone who receives the notification and knows that value can read the message. There are different ways in which a message can be protected with an Access Code:

  • The Sender enters a new Access Code for the Recipient.
  • The Recipient has received and read a message from the Sender before, and that message was protected with a specific Access Code. Because the Access Code is automatically stored in the personal Zivver Contact Book of the Sender, it is automatically selected for a new message.
  • In the Organization's Shared Contact Book in Zivver there is an Access Code known for the Recipient. This code is automatically selected for a new message.

Verification E-mail

When a message is protected with a verification email, the Recipient has to enter a verification code to read the message. On request, this verification code is sent to the email address of the Recipient. The sensitive information is not delivered in the inbox of the Recipient; a notification message is delivered instead. Because the code is sent to the same mailbox as the notification, the verification email does not protect the message with two-factor authentication (2FA). It lets the Recipient confirm that they control the email address, which makes it more difficult to read the message when the notification message is forwarded to someone other than the intended recipient. In the Zivver Office Plugin there is a setting to select verification email automatically when the Sender did not select any other verification method. Refer to the Zivver Office Plugin Registry Keys manual for more information.

Special Verification Methods

  • NTA 7516
  • Inbound Direct Delivery (IDD)

In the sections below each method is explained.

NTA 7516

The message is delivered in accordance with NTA 7516, the Dutch standard for the exchange of healthcare and legal information. This method is only available when both the Sender and the Recipient meet the NTA 7516 requirements.

Inbound Direct Delivery (IDD)

When a message is received with Inbound Direct Delivery (IDD), the message is directly readable by the Recipient: no Zivver client is needed to decrypt it. Examples of Zivver clients are the Zivver Office Plugin and the Zivver Webapp.

With IDD, organizations can securely receive messages in a Document Management System (DMS) or a Customer Relationship Management (CRM) application for which no Zivver client is available.

Note that all other verification methods in this manual concern delivering information to a Recipient with the right level of security. IDD concerns receiving information with the right level of security.

IDD is only available to organizations with a Zivver license. To be able to deliver the (sensitive) information securely, the receiving mail server of the organization must meet one of the following requirements:

  • TLS v1.2 and higher + a valid certificate, or
  • DNSSEC + a valid certificate, or
  • DANE

In addition to the requirements for the mail server, the receiving domain must be claimed within the Zivver organization.

IDD can be combined with the use of a Zivver client, for example when receiving an IDD message in Microsoft Outlook for desktop with the Zivver Office Plugin installed. In that case the End User still sees the Zivver conversation when viewing a securely received message, but the inbox no longer holds a notification message: it holds the readable message itself, protected in transit by the receiving mail server's transport security rather than by Zivver encryption.

Transport Security Compliance

Transport Security Compliance offers an alternative to the Basic Verification Methods for making sure that sensitive information is protected with the right security level. Although the Basic Verification Methods may offer a higher level of security, that is not always required for every message. When a Basic Verification Method is applied, a notification message is delivered to the Recipient. With Transport Security Compliance this is not the case: the sensitive information itself is delivered, protected by the encrypted connection between the mail servers rather than by Zivver encryption. This means that a Guest Recipient can read the message right away in their mail client. Transport Security Compliance offers the following minimal security levels, from weakest to strongest:

  • TLS: TLS v1.2 and higher (the connection is encrypted, but the receiving server's certificate is not checked)
  • PKIX: TLS v1.2 and higher + a valid certificate (the receiving server's identity is verified against a trusted certificate authority)
  • PANE: PKIX + DNSSEC (the DNS lookup of the receiving server is DNSSEC-validated, so a forged DNS answer cannot redirect the message)
  • DANE: DNSSEC + TLSA (the certificate to expect is published in a DNSSEC-signed TLSA record)

If the receiving mail server supports the requested minimal security level, the message is delivered directly and is readable without Zivver encryption. If the receiving mail server does not support the requested minimal security level, a Basic Verification Method is used instead.

Verification methods compared

In the table below you will find an overview of the different verification methods compared with each other.

Category      Type                  Applied                           When to use                                                   Recipient receives
Basic         Zivver                Automatically, can't be changed   The Recipient has a Zivver account.                           Notification message
Basic         SMS code              Automatically or manually         The mobile number of the Recipient is known before sending.   Notification message
Basic         Access code           Automatically or manually         The Sender and Recipient can exchange an Access Code          Notification message
                                                                      without emailing it.
Basic         Verification email    Automatically or manually         A higher security level is not needed or not possible.        Notification message
Special       NTA 7516              Automatically, can't be changed   Both the Sender and the Recipient are NTA 7516 compliant.     Directly readable message
Special       Inbound Direct        Automatically, can't be changed   The Recipient has enabled Inbound Direct Delivery in Zivver.  Directly readable message
              Delivery (IDD)
Transport     TLS / PKIX /          Automatically                     The Recipient's mail server supports the requested minimal    Directly readable message
Security      PANE / DANE                                             security level.
Compliance

Setting up an Email Security Policy

Organizations determine in their Email Security Policy which verification methods are available to employees for protecting information with the right level of security. The Basic Verification Methods are enabled automatically and can be viewed and changed by a Zivver admin on the Verification Methods settings page. The Special Verification Methods and Transport Security Compliance are handled differently:

  • NTA 7516: refer to the NTA 7516 Compliance Manual for more information on how to meet the NTA 7516 requirements. Meeting the NTA 7516 requirements automatically makes this verification method available to Senders when the Recipient is also NTA 7516 compliant.
  • Inbound Direct Delivery (IDD): the IDD settings are hidden by default. Send an email to Support to make these settings available for your organization. Once they are available and the technical requirements are met, IDD can be enabled there.
  • Transport Security Compliance: send an email to Support to make one of these verification methods available for your organization.

Mail Submission

With Mail Submission, organizations can automatically send messages securely from any application that can use a custom SMTP connection. In a Zivver client the End User can see which verification methods are available for the Recipient. This is not possible when a message is sent securely with Mail Submission, so Mail Submission automatically applies the first applicable verification method in the following order:

  • Zivver
  • NTA 7516
  • SMS
  • Access code
  • Inbound Direct Delivery (IDD)
  • Transport Security Compliance
  • Verification email

If verification email is disabled in the Email Security Policy of the organization, it can still be applied to messages sent via Mail Submission. This prevents a message from not being sent when none of the other verification methods apply. Refer to the Mail Submission manual for more detailed information. Mail Submission is additional functionality in Zivver. Contact Support if you have any questions about whether Mail Submission is part of your contract with Zivver.
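The Mail Submission order above, the Transport Security Compliance levels and the IDD mail-server requirement can be modeled together as one decision routine. The following is an added example, not Zivver's own code: the MxObservation, Recipient and Policy fields and the sample recipients in demo() are assumptions constructed for illustration, and the block runs offline on that constructed input. It encodes only the rules stated on this page, including the rule that Mail Submission falls back to verification email even when the policy disables it.

```python
# Model of the rules on this page: Transport Security Compliance levels
# (TLS < PKIX < PANE < DANE), the Inbound Direct Delivery (IDD) mail-server
# requirement, and the order in which Mail Submission picks a method.
# Added example, not Zivver code; the field names below are assumptions.
from dataclasses import dataclass
from typing import Optional, Set

TRANSPORT_LEVELS = ["TLS", "PKIX", "PANE", "DANE"]   # weakest to strongest, per the page
MAIL_SUBMISSION_ORDER = ["Zivver", "NTA 7516", "SMS", "Access code", "Inbound Direct Delivery",
                         "Transport Security Compliance", "Verification email"]

@dataclass
class MxObservation:
    """Constructed result of probing the recipient domain's mail server (a real
    probe would do a STARTTLS handshake plus DNSSEC-validated MX/TLSA lookups)."""
    tls_version: Optional[str]  # "1.2", "1.3", "1.0", or None if STARTTLS is not offered
    cert_valid: bool            # chain validates to a trusted CA and matches the MX name
    dnssec: bool                # DNS answers for the domain were DNSSEC-validated
    tlsa_present: bool          # a TLSA record is published for the MX host

def satisfied_levels(mx: MxObservation) -> Set[str]:
    """Levels the server meets, using the definitions listed on this page."""
    if mx.tls_version is None or tuple(int(p) for p in mx.tls_version.split(".")) < (1, 2):
        return set()                  # no STARTTLS, or TLS 1.0/1.1: not even "TLS" level
    levels = {"TLS"}                  # TLS: TLS v1.2 and higher
    if mx.cert_valid:
        levels.add("PKIX")            # PKIX: TLS + a valid certificate
        if mx.dnssec:
            levels.add("PANE")        # PANE: PKIX + DNSSEC
    if mx.dnssec and mx.tlsa_present:
        levels.add("DANE")            # DANE: DNSSEC + TLSA
    return levels

def meets_minimum(mx: Optional[MxObservation], requested: str) -> bool:
    """True when the server satisfies the requested minimal level or a stronger one."""
    if mx is None:
        return False
    wanted = TRANSPORT_LEVELS.index(requested)
    return any(TRANSPORT_LEVELS.index(lvl) >= wanted for lvl in satisfied_levels(mx))

def idd_server_ok(mx: Optional[MxObservation]) -> bool:
    """IDD requirement (TLS 1.2+ with valid cert, DNSSEC with valid cert, or DANE)."""
    return mx is not None and bool(satisfied_levels(mx) & {"PKIX", "PANE", "DANE"})

@dataclass
class Recipient:
    email: str
    has_zivver_account: bool = False
    nta7516_compliant: bool = False
    mobile_number: Optional[str] = None  # from a Contact Book or entered by the Sender
    access_code: Optional[str] = None    # from the Sender's or the Shared Contact Book
    idd_enabled: bool = False            # receiving organization enabled IDD, domain claimed
    mx: Optional[MxObservation] = None

@dataclass
class Policy:                            # the sending organization's Email Security Policy
    sender_nta7516_compliant: bool = False
    sms_code: bool = True
    access_code: bool = True
    verification_email: bool = True
    transport_minimum: Optional[str] = None  # requested minimal level; None when not enabled

def applicable(method: str, r: Recipient, p: Policy) -> bool:
    if method == "Zivver":
        return r.has_zivver_account
    if method == "NTA 7516":
        return p.sender_nta7516_compliant and r.nta7516_compliant
    if method == "SMS":
        return p.sms_code and r.mobile_number is not None
    if method == "Access code":
        return p.access_code and r.access_code is not None
    if method == "Inbound Direct Delivery":
        return r.idd_enabled and idd_server_ok(r.mx)
    if method == "Transport Security Compliance":
        return p.transport_minimum is not None and meets_minimum(r.mx, p.transport_minimum)
    if method == "Verification email":
        return True   # applied even when p.verification_email is False, so nothing stays unsent
    raise ValueError(method)

def mail_submission_method(r: Recipient, p: Policy) -> str:
    """First applicable method in Mail Submission order."""
    return next(m for m in MAIL_SUBMISSION_ORDER if applicable(m, r, p))

def demo() -> dict:
    """Constructed recipients against one policy; returns the chosen method per case."""
    policy = Policy(verification_email=False, transport_minimum="PKIX")
    dane_mx = MxObservation("1.3", cert_valid=False, dnssec=True, tlsa_present=True)
    weak_mx = MxObservation("1.2", cert_valid=False, dnssec=False, tlsa_present=False)
    cases = {
        "account": Recipient("a@example.org", has_zivver_account=True, mobile_number="+31600000000"),
        "sms": Recipient("b@example.org", mobile_number="+31600000000", mx=dane_mx),
        "idd": Recipient("c@example.org", idd_enabled=True, mx=dane_mx),
        "transport": Recipient("d@example.org", mx=dane_mx),
        "fallback": Recipient("e@example.org", mx=weak_mx),
    }
    return {name: mail_submission_method(r, policy) for name, r in cases.items()}
```

Running demo() picks Zivver for the account holder even though a mobile number is known, SMS for the recipient with a known number, IDD and Transport Security Compliance for the two recipients whose server publishes DANE, and verification email for the recipient whose server only offers plain TLS 1.2 without a valid certificate, although the policy has verification email disabled. The dane_mx case also shows why the levels are modeled as a set rather than a single value: a server with DANE but without a CA-valid certificate meets DANE and TLS but not PKIX or PANE.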