Message Portal
The Conbool Message Portal enables secure email communication without certificates or keys — with magic links, threading, quotas and audit log.
Message Portal — Overview
The Conbool Message Portal is the third option for secure email communication alongside S/MIME and PGP. Unlike certificate-based methods, it requires no certificates or keys. Recipients access their messages via a short-lived, cryptographically secured magic link.
Particularly convenient: senders continue to send directly from Outlook or any other email client. The message is automatically redirected to the portal in the background through routing and stored there in encrypted form.
How Does the Portal Work?
- Sender sends an email as usual via Outlook or another client.
- Conbool detects based on the routing rules that portal delivery should occur.
- The message is encrypted and stored in the portal (AES-encrypted EML).
- The recipient receives a notification via email with a magic link.
- The recipient clicks the link and views the message in the browser — including attachments.
- The recipient can reply directly in the portal — the reply is delivered back encrypted.
Security Features
Magic Links
- Single-use: Each link can only be used once for authentication.
- Time-limited: Links have a configurable expiration date.
- Session-bound: The link is bound to the browser session and IP address.
- Cryptographically signed: Manipulation of the link is detected.
Integrity Check
Each stored message has a SHA-256 content hash. Integrity is verified on every retrieval:
integrityOk: true— Message has not been altered.integrityOk: false— Possible manipulation detected (logged in the audit log).
Delivery Modes
| Mode | Description |
|---|---|
| portal_secure | External recipients: Notification only via email, content only accessible through the portal. |
| relay | Internal recipients: Full content is delivered via relay, additionally stored in the portal. |
Threading & Replies
The portal supports full conversations:
- External recipients reply directly in the portal (no account required).
- Internal recipients (Conbool customers) can also reply via email client — Conbool automatically assigns the reply to the thread via the
In-Reply-Toheader. - Thread depth: Maximum 30 messages per thread.
- Notification: The sender is notified via email about new replies.
Storage & Quotas
Tenant Quota
The total storage quota of a tenant is calculated from the subscription:
- Per SecureMail unit: 2 GB storage.
- Additional portal quota depending on the plan.
Member Quotas
Storage can be limited per member:
| Setting | Description |
|---|---|
| Default Quota | Applies to all members without an individual quota (default: 2 GB) |
| Individual Quota | Configurable per member under Portal > Storage |
When a member has reached their quota, no new messages can be sent via the portal until storage is freed up.
Retention & Deletion
| Setting | Description |
|---|---|
| Retention Period | Messages are automatically deleted after X days (configurable, default: unlimited) |
| Per-Message Expiry | Senders can set an individual expiration date per message |
| Bilateral Deletion | A message is only physically deleted when both sender and recipient have deleted it |
Audit Log
All portal actions are logged in a tamper-proof manner:
| Action | Description |
|---|---|
sent | Message was sent via the portal |
read | Message was read by the recipient |
deleted | Message was deleted |
attachment_downloaded | An attachment was downloaded |
Each entry contains:
- User ID and email address of the actor
- IP address of the client
- Timestamp
- Details (e.g., integrity check, delivery channel)
The audit log is particularly relevant for compliance evidence (GDPR, NIS2) and serves as non-repudiation proof.
Digest Notifications
Recipients can receive periodic summaries of their portal messages:
| Setting | Description |
|---|---|
| Interval | never, hourly, daily, weekly |
| HTML Template | Custom template with placeholders ({{subject}}, {{rows}}, {{domain}}) |
| Language | Language of the digest email |
Advantages
- No certificate or key management required
- Ideal for external recipients without their own encryption solution
- Bidirectional communication via threads
- Tamper-proof audit log
- Integrated storage management with quotas
- Automatic retention policies
Limitations
- Access for recipients only online via the portal (no offline use)
- For permanent internal encryption, S/MIME or PGP are better suited
- Maximum thread depth: 30 messages
Further Documentation
- Configuration — Activate the portal and set up notifications
- Delivery Process — How messages are automatically redirected to the portal
- Replies & Interactions — How recipients reply in the portal
Required Permissions
| Action | Permission |
|---|---|
| View portal messages | portal.read |
| Configure portal | portal.manage |
| Manage quarantine | quarantine.manage |