Temporary mailbox for external users
The Temporary Mailbox for External Users
The temporary mailbox enables you to securely communicate by mail with any contact worldwide. This ensures that your mails are not sent unencrypted and therefore cannot be read or altered in transit. If you send an encrypted mail to your communication partner for the first time and the Guard cannot assign a PGP key to this mail address, a temporary mailbox will be provided for the recipient – a helpful feature for secure communication with partners who cannot or do not want to use encryption.
If the Guard cannot find a suitable OpenPGP key for the recipient’s mail address when creating an encrypted mail, it will display this with a green person icon (between the recipient’s mail address and the transport encryption check result). mailbox automatically creates a temporary mailbox for this recipient as soon as you send an encrypted mail to this contact.
Figure 1: Encrypt your sent emails even to recipients without a public PGP key.
Setup
The recipient will receive an email with the link to a temporary mailbox. The recipient can then open the link received with the first email in the browser. Since this email with the link to the temporary mailbox is sent in an unencrypted form, it could potentially be read and intercepted. For this reason, you should additionally secure access to the temporary mailbox with a PIN – as explained in the following section.
Figure 2: You will be prompted to enter the mailbox Guard password.
Figure 3: Note down the PIN and pass it on confidentially to your recipient.
Optional: Two-Way Authentication
When sending your contact the first encrypted message, you also have the option to protect your communication with two-factor authentication – ideally by assigning a PIN number when creating the temporary mailbox.
Provide this number to your contact via a third, preferably secure channel (e.g., personal meeting, phone call, letter …). The recipient will need both the link from the mail and the PIN to log in.
PIN for the External Mailbox
As the sender, you can later display the PIN number again. To do this, open the sent message in the Sent items folder, click on the context menu of the message, and select Check assigned PIN.
In this temporary mailbox, which is equipped with all our security features, your communication partner can read and reply to the encrypted mail. Their replies will also be encrypted automatically. Once a temporary mailbox is created, all encrypted mails sent from a mailbox address to the respective address will be delivered to the temporary mailbox. Mails sent from the temporary mailbox will be stored in the Sent folder.
As soon as the recipient opens the link and verifies with the PIN, they must create a password for their temporary mailbox (which cannot be changed later). This password cannot be changed because this is the only way to ensure that no attacker could misuse a potential reset mechanism.
Note: Temporary mailboxes are deleted after 90 days of inactivity.
Where can I find the PIN for the external mailbox?
You can display the PIN again in mailbox Office in the Mail section. Open – usually in the Sent items folder – the first mail you sent encrypted to the contact. In the context menu of the mail, click on the menu item Check assigned PIN.
Alternatively, you can also display the source text of this mail. There you will find the line in the header:
X-OxGuard-PIN:
Note: This line is inserted when storing the sent copy and is not part of the sent mail.