Conbool Email Security Suite

The Conbool Email Security Suite combines powerful modules to fully secure and standardize your company communication:
SecureMail for outbound encryption, MailGuard for inbound protection, and the Disclaimer/Signature Manager for centrally managed signatures, disclaimers, and branding — including an optional Outlook add-in.

Conbool SecureMail – Automated Email Encryption & Signing

Category: Encryption & Signing

• S/MIME encryption and signing for outbound emails
• Decryption and signature verification of inbound emails using S/MIME
• PGP/OpenPGP encryption and signing for outbound emails
• Decryption and signature verification of inbound emails using PGP/OpenPGP
• Support for modern protocols (S/MIME, PGP, SMTP)
• Automatic verification of DKIM and ARC chains, as well as signing
• Parallel use and routing of S/MIME & PGP at the same time
• Granular cryptography policies
• Comprehensive algorithm support (AES-GCM/CBC, RSA, ECC, SHA)
• Crypto status report with detailed information
• Automatic notifications on errors (bounce email, logs, error code)
• Optional signature removal on inbound emails
• Subject line commands (!encrypt, !sign, !portal, etc.)
• Subject manipulation (e.g., [Signed])
• Server-side cryptographic operations

Category: Certificate & Key Management

• Centralized key and certificate management
• Automatic S/MIME certificate detection and storage from inbound emails
• Automatic PGP key detection and storage from inbound emails
• Automatic creation and renewal of self-signed certificates
• Automatic request and renewal of certificates from Managed PKIs (MPKIs)
• Manual import and export of keys or certificates
• LDAP lookup of keys and certificates
• Integration with SwissSign MPKI
• Integration with D-Trust MPKI
• Integrated internal PKI
• End-user certificate issuance
• Support for private and public key pairs
• Certificate request, renewal, and revocation via the portal

Category: Secure Message Portal

• Keyless secure message portal for recipients without their own certificates
• Seamless integration into the email workflow
• Encrypted message storage with automatic deletion after expiry
• Time- and origin-restricted access without third parties
• Traceable message status (open, read, expired)
• Portal notifications and magic-link authentication

Conbool MailGuard – Spam & Malware Protection

1. Scope of Services

MailGuard provides functions for the automated analysis of incoming emails and their components and for processing them based on defined rules, scores, and policies.
Depending on the outcome of the inspection, messages may in particular be:

• delivered,
• marked,
• rewritten,
• supplemented with prefixes or notices,
• moved to quarantine,
• rejected,
• or otherwise processed in accordance with the configured policies.

MailGuard is intended for risk reduction in email communications and for supporting operational security and compliance processes.

2. Functional Areas

2.1 Spam, Phishing, and Threat Assessment

MailGuard can assess incoming messages based on technical, structural, reputation-related, content-related, and behavior-related characteristics.

Supported functions may include in particular:

• real-time assessment of incoming messages based on defined inspection rules
• detection of typical spam and phishing characteristics
• heuristic and signal-based analysis of suspicious messages
• AI-assisted assessment of potential threat indicators
• inspection of headers, envelope data, and routing characteristics
• evaluation of sender and delivery characteristics
• analysis of typical characteristics of fraudulent or manipulatively designed emails
• detection of conspicuous deviations between visible and technical sender information
• assessment of suspicious wording, structures, or deception patterns, where technically предусмотрено

Assessment is based on the activated inspection paths and configured thresholds in each case.

2.2 Reputation and Infrastructure Checks

MailGuard can use technical information to assess the origin and trustworthiness of incoming messages.

This may include in particular:

• sender reputation assessment
• use and integration of RBLs / blocklists
• IP-based checks
• reverse DNS checks
• SPF-related checks, where provided for in the technical implementation
• DKIM / ARC-related checks, where provided for
• checks for technical delivery anomalies
• detection of inconsistent or unusual delivery paths
• greylisting functionality
• whitelist / blacklist-based decisions
• customer-specific allowlists, exception lists, and blocklists

The reliability of such checks also depends on external data sources and their timeliness.

2.3 Link Protection and URL Assessment

MailGuard can analyze links, domains, and destination addresses contained in emails and assess them based on configured rules.

Supported functions may include in particular:

• extraction and inspection of URLs from message content
• assessment of visible and actually referenced destination addresses
• detection of suspicious, obfuscated, or redirected links
• inspection of link patterns, URL structures, and destination domains
• inclusion of reputation information relating to links or destination systems
• detection of typical phishing or deception indicators in links
• checks against known or suspicious URL categories
• assessment of short URLs, redirects, or technically suspicious forwarding chains
• policy-based handling of links
• optional rewriting or labeling of links, where configured
• delayed or delivery-proximate link inspection (“time-of-click” / downstream assessment), where technically provided and enabled

Depending on the configuration, suspicious or policy-violating links may be marked, logged, rewritten, blocked, or otherwise handled.

2.4 QR Code Detection and QR-Related Checks

MailGuard can analyze embedded or attached graphical content in emails for machine-readable QR codes, provided that the relevant module is enabled.

Supported functions may include in particular:

• detection of QR codes in supported image formats or document contents
• extraction of destination information contained in the QR code
• assessment of contained URLs or other encoded content
• inclusion of QR destination information in the overall risk assessment
• marking or separate handling of messages containing QR-based destination references
• combining QR code inspection with link protection and reputation mechanisms

The detectability of QR codes may depend in particular on image quality, encryption, embedding method, format, resolution, and document structure.

2.5 Attachment Filtering and File Type Inspection

MailGuard can analyze file attachments based on technical and content-related characteristics and handle them in accordance with policies.

Supported functions may include in particular:

• identification and inspection of file attachments
• file type and MIME type assessment
• comparison of file extension and actual file type
• detection of conspicuous, unwanted, or policy-violating file formats
• filtering of certain file categories
• inspection of embedded or nested archive structures, where technically possible
• detection of executable or potentially risky file types
• policies for certain document, script, archive, or binary formats
• handling of nested archives up to the configured inspection depth
• decisions depending on file type, structure, origin, recipient, or policy

Depending on the configuration, attachments may be allowed, blocked, removed, isolated, renamed, marked, or forwarded to alternative inspection paths.

2.6 Cleaning / Sanitization of Attachments and Content

MailGuard can, where enabled, automatically clean or neutralize certain file types or content in order to reduce risks arising from active or unwanted components.

Supported functions may include in particular:

• removal or neutralization of active content in supported file formats
• cleaning of certain Office or document components
• removal of embedded active elements, where technically provided
• reduction of risky file components within supported sanitization procedures
• cleaning based on defined format and security rules
• replacement of original attachments with cleaned versions, where configured
• labeling, logging, or notice text for cleaned content
• alternative handling where cleaning fails, e.g. blocking, quarantine, or delivery with notice

The cleaning function is limited to supported file formats, inspection paths, and procedures.

2.7 Malware-Related Checks

MailGuard can inspect messages and attachments for indications of potentially malicious content.

Supported functions may include in particular:

• integration of malware-related inspection mechanisms
• signature-based, rule-based, or heuristic content inspection
• inspection of supported attachments for known or suspicious characteristics
• analysis of unencrypted archive contents, where technically possible
• forwarding to additional inspection or analysis components, where connected
• consideration of inspection results in the overall decision
• alternative handling in the event of a positive or inconclusive inspection result

Depending on the configuration, malware assessment may result in delivery, marking, cleaning, quarantine, or rejection.

2.8 Data Loss Prevention (DLP) and Content Policies

MailGuard can, where enabled, inspect the content of incoming messages and attachments based on defined DLP and content policies.

Supported functions may include in particular:

• checks for sensitive or defined content patterns
• detection of certain data formats, identifiers, or regular patterns
• policies for personal, confidential, or internal company information
• rule-based content inspection of subject lines, message bodies, headers, and supported file contents
• DLP inspection depending on sender, recipient, domain, group, direction, or context
• differentiated policies by tenant, organizational unit, recipient group, or protection requirement
• escalation and decision logic in the event of policy violations
• marking, rerouting, quarantining, rejecting, or logging in accordance with policy
• combination of DLP with attachment rules, link protection, and other inspection functions

The specific detection logic and coverage depend on the enabled rules, the supported content types, and the customer-specific configuration.

2.9 Policies, Scores, and Decision Logic

MailGuard supports configurable rule-based and score-based decision-making.

Supported functions may include in particular:

• configurable thresholds, e.g. SpamScore, MarkScore, BlockScore
• differentiated decision levels
• multi-stage rule sets
• policy-based handling by sender, recipient, domain, group, message type, or characteristics
• recipient-specific assessment
• context-based exceptions and special rules
• quarantine and release logic
• routing, redirection, and delivery decisions
• rejection and refusal rules
• combination of multiple inspection results into an overall assessment
• multi-tenant policy control
• priority logic for rule resolution

The specific decision logic depends on the policy configuration in place in each case.

2.10 Marking, Rewriting, and Message Handling

MailGuard can technically modify or supplement messages in accordance with defined policies, provided that the relevant function is enabled.

Supported functions may include in particular:

• subject prefixes or policy notices, e.g. in cases of suspected spam or phishing
• insertion of technical warnings or labels
• adjustment or supplementation of defined headers
• removal or reduction of certain technical headers, where provided for
• marking of risky messages for downstream processing
• alternative handling paths depending on the risk class

The specific technical handling depends on the enabled rules and the integration environment.

2.11 Quarantine and End User Functions

MailGuard can provide quarantine functions for administrators and, where provided for, for end users.

Supported functions may include in particular:

• central quarantine for suspicious or held messages
• end user quarantine
• release or review processes in accordance with the role and rights concept
• logging of releases, decisions, or delivery paths
• configurable retention and visibility rules
• notifications regarding quarantined messages, where enabled

The availability of individual quarantine functions may depend on the license scope, the user role, and the respective technical environment.

2.12 Logging, Traceability, and Reporting

MailGuard can log technical decisions and inspection paths and make them traceable within the scope of the provided functions.

Supported functions may include in particular:

• logging of assessments, rules, and decisions
• documentation of relevant technical inspection paths
• score and source indicators, where technically available
• traceability of delivery, quarantine, or rejection decisions
• visibility into technical event data within the scope of the provided monitoring
• export and reporting functions, where provided for

The scope and level of detail of logging depend on the product configuration, retention periods, data protection requirements, and deployment model.

Limitations of Service and Notes

MailGuard is intended for risk reduction in email communications.
Due to the continuously evolving threat landscape, new attack patterns, zero-day vulnerabilities, obfuscation techniques, customer-specific configurations, dependencies on third-party information and third-party infrastructures, as well as technical limitations of analysis, it cannot be guaranteed that every malicious, unwanted, fraudulent, or policy-violating message, every malicious link, every QR code, every attachment, or any other content will be detected, blocked, cleaned, neutralized, or correctly classified in every individual case.

Likewise, it cannot be ruled out that legitimate messages or content may in individual cases be incorrectly marked, delayed, rewritten, cleaned, quarantined, or blocked.

The provision of MailGuard functions does not constitute a guarantee of any specific security-related outcome in an individual case.

The specific protective effect depends in particular on:

• the customer-specific configuration,
• the activated modules,
• the quality and timeliness of external data sources,
• the technical integration environment,
• the policies and exceptions in use,
• the nature of the attack or content,
• as well as the customer’s cooperation in operation, monitoring, and follow-up.

Conbool Disclaimer/Signature Manager – Central Signatures, Disclaimers & Branding

Category: Templates & Editor

• Central management of email signatures, disclaimers, banners, and notices
• HTML and text templates with a professional template editor
• Reusable building blocks (e.g., contact block, social links, legal notices)
• Asset management for logos, images, and banners (upload, storage, reuse)
• Multilingual templates (e.g., DE/EN/FR …) based on recipient/language logic
• Preview and testing features for common email clients

Category: Placeholders & Personalization

• Dynamic placeholders (e.g., name, title, department, phone number, location)
• Company/tenant placeholders (e.g., company name, address, domains)
• “Remove if empty” rules (automatic removal of empty fields/blocks)
• Consistent output across different data sources

Category: Routing, Rules & Exceptions

• Rule-based assignment of signatures/disclaimers (routing)
• Conditions based on sender, recipient, domains, groups, mailboxes, or tenant
• Exceptions (e.g., certain recipients, subject contains, header contains)
• Time-based scheduling for campaigns (e.g., banners only within a date range)
• Priority logic for deterministic rule resolution

Category: Delivery (Server-side & Client-side)

• Server-side delivery via the gateway (e.g., during sending/transport)
• Optional client-side delivery via the Outlook add-in
• Consistent branding for outbound emails across the entire organization
• Configurable modes (e.g., outbound only, specific domains only, specific groups only)

Category: Outlook Add-in (optional)

• Central deployment within the Microsoft 365 tenant (e.g., Central Deployment)
• Signature insertion directly into the email draft (Outlook Desktop/Web – depending on environment)
• Compatibility with common enterprise policies and security requirements
• Multi-tenant control and role-based admin functions
• Logging of technical events for troubleshooting (without email content)

Conbool Platform – Cross-Product Features

Category: Architecture & Deployment

• Flexible deployment models (SaaS, on-premise, hybrid)
• Highly available SaaS hosting
• Cluster operation and load balancing
• Windows and Linux support (RHEL, Ubuntu)
• Support for hybrid environments and legacy systems
• Multi-tenancy architecture with dedicated namespaces
• TLS 1.2 / 1.3 SMTP transport encryption
• Flexible SMTP connectors and smarthost routing
• Microsoft 365 connectors and Exchange compatibility

Category: Administration & Monitoring

• Central user management
• Active Directory / LDAP import
• Azure AD / Entra ID integration
• Role-based access control (RBAC)
• Multi-level roles (Primary Owner, Owner, Operator, etc.)
• Two-factor authentication (2FA)
• Central message tracing
• Detailed mailflow and cryptography logs
• Audit logs with timestamps
• Live dashboard with up to 90 days of history
• CSV export for analysis
• Cross-tenant reporting

Category: Security & Compliance

• EU-only data residency
• GDPR compliance and DPA included
• ISO 27001-certified infrastructure
• TLS encryption for all transport paths
• 99.9% guaranteed availability (SaaS)
• Regular maintenance windows and security updates

Category: Customer Experience & Support

• Whitelabeling and custom branding
• German-language UI and documentation
• User-friendly self-service portal with FAQs
• Flexible support models (Standard, Enterprise)
• Support outside business hours (EU)
• Free trial (30 days)
• Training for customers and partners
• Flexible license scaling

Made in Germany:
Conbool is developed and operated entirely in Germany — with a strong focus on privacy, security, and sovereignty.