Sign In
SecureMail · comparison

SEPPmail and Conbool — side by side.

If you're looking for an email encryption solution with S/MIME, PGP and a web path for external recipients, it pays to look directly at the differences. This page compares publicly verifiable points — as of May 2026.

Request a demoSecureMail in detailUpdated: May 2026

In three sentences

What matters.

SEPPmail is an established Swiss specialist for email encryption, headquartered in Neuenhof, with strong presence in DACH public sector and banking, traditionally as on-premise appliance or managed service. Conbool SecureMail is a German alternative with EU hosting, modular licensing and an integrated message portal. Which fits best depends on your hosting requirement, licensing preference and whether you want a pure encryption tool or a broader email security platform.

The five most common questions, side by side.

Every statement about SEPPmail links to a public source. Every Conbool claim is verifiable in a demo.

Where is my data hosted?

Conbool SecureMail

Exclusively in EU data centres on ISO 27001-certified infrastructure. Contract party and data processor is Conbool GmbH in Germany. The DPA names the concrete data location.

SEPPmailSEPPmail

SEPPmail is traditionally operated as an on-premise appliance at the customer site. SEPPmail AG also offers a managed service in Swiss data centres. From a GDPR perspective, Switzerland is a third country covered by an EU Commission adequacy decision.

Source: seppmail.com — Trust Center and product pages. Please confirm the concrete hosting option and data centre location with the vendor.

Why it matters: for many German public authorities, insurers and municipalities, EU- or DE-only hosting is a hard requirement. Switzerland is legitimate, but must be documented separately as a third country.

Which encryption methods are supported?

Conbool SecureMail

TLS, S/MIME and PGP natively. For recipients without S/MIME or PGP keys, the Conbool message portal is available: recipients read and reply in the browser, no account needed. Key management lives in the Conbool tenant.

SEPPmailSEPPmail

According to the vendor, SEPPmail also supports TLS, S/MIME and PGP. For recipients without keys, the vendor's proprietary GINA Webmail mechanism is used, with a password workflow per transfer.

Source: seppmail.com — product description of GINA Webmail and encryption features.

Why it matters: the cryptographic substance is comparable on both sides. The difference lies in the pull path: GINA is established with password delivery, a message portal without account requirement is more user-friendly — both approaches have merit.

How is licensing structured?

Conbool SecureMail

Modular per feature. Term monthly or yearly, no multi-year minimum. SecureMail can be bundled with MailGuard, Disclaimer or SecureFiles.

SEPPmailSEPPmail

SEPPmail is typically marketed as an appliance or server licence, often with multi-year terms and a maintenance contract. Hardware or cloud-region costs may be added. Exact conditions are negotiated by the vendor directly.

Source: seppmail.com — licensing model and product pages. Current pricing via the vendor.

Why it matters: if you want short-term predictable OPEX instead of multi-year CAPEX commitment, a monthly or yearly term is more flexible. If you already operate appliance infrastructure, the licence model gives more control.

How quick is the rollout?

Conbool SecureMail

Pure cloud service. Setup via Exchange Online or generic SMTP connector, MX record optionally redirected. First pilot mailboxes can be productive within hours, no appliance image, no virtual machine.

SEPPmailSEPPmail

With the appliance variant a classic installation and configuration is needed (appliance or VM deployment, IP routing, MX changes, key setup). The managed service reduces this effort according to the vendor.

Source: seppmail.com — installation documentation and managed-service product page.

Why it matters: setup effort is a direct cost driver in IT projects. Cloud saves appliance operations, on-premise gives full data sovereignty.

Do I get an encryption tool or a whole platform?

Conbool SecureMail

SecureMail is part of a broader platform: MailGuard (spam and phishing protection), Disclaimer (central signatures), SecureFiles (large file transfer) can be bundled. One vendor, one DPA, one admin portal.

SEPPmailSEPPmail

SEPPmail is a specialist for email encryption. Additional building blocks such as anti-spam or mail hygiene are covered in many setups by third-party products (e.g. an SEG upstream).

Source: seppmail.com — product portfolio. Third-party integrations via the vendor's partner list.

Why it matters: if you want a pure encryption specialist and mail hygiene is already covered elsewhere, a specialist gives clear focus. If you want consolidation, a platform gets you closer.

Migration checklist

What to watch for when migrating away from SEPPmail.

Replacing SEPPmail typically runs in five steps — depending on whether you operate the appliance install or the managed service.

  1. 1. Document SEPPmail configuration and rules

    Capture all active encryption rules (per sender, per domain, per keyword), routing paths, ETR rules and GINA Webmail configurations. This inventory is the basis for a 1:1 transfer into the Conbool tenant.

  2. 2. Export S/MIME certificates and PGP keys

    Existing S/MIME certificates and PGP keys are exported from SEPPmail and backed up. Mind passphrase protection and secure handover. Key lifecycle (expiry dates) is documented as well.

  3. 3. Reroute MX to Conbool as a test

    For a pilot domain or pilot mailboxes the mail flow is routed in parallel to Conbool. Inbound and outbound connectors are configured in the Microsoft 365 Admin Center (or equivalent). SEPPmail and Conbool run side by side without pressure.

  4. 4. Import key material into Conbool or re-issue

    Existing S/MIME certificates are imported into the Conbool tenant, PGP keys as well. Where reasonable, new keys are issued (e.g. for expired certificates). The recipient web path moves from GINA pull to the Conbool message portal.

  5. 5. Decommission the SEPPmail appliance after cutover

    After a successful cutover and a defined parallel period, the SEPPmail appliance or managed-service contract is decommissioned. Archive the audit log for GDPR Art. 30. Existing contracts run out to term.

These steps apply to classic SEPPmail installations. For tenant-specific configurations or DMS connectors we review the integration in the consult.

Decision aid

When Conbool, when SEPPmail.

Conbool SecureMail fits when …

  • You want a pure cloud solution with EU hosting and a German contract party.
  • You prefer a message portal without account requirement for external recipients.
  • You want modular per-feature billing and the option to bundle with MailGuard, Disclaimer or SecureFiles.
  • You want to avoid appliance maintenance and pilot quickly.

SEPPmail fits when …

  • You already operate an on-premise appliance or deliberately want one.
  • A Swiss contract party and Swiss hosting are anchored in your compliance.
  • Established GINA Webmail workflows are baked into your processes.
  • You want an encryption specialist and mail hygiene is covered elsewhere.

Matched to your setup

Conbool SecureMail by industry and use case.

NIS2 E-Mail-Verschlüsselung

S/MIME, PGP und Nachrichtenportal als Baustein der NIS2-Pflichten.

Learn more

Sicheres Nachrichtenportal

Empfänger ohne Schlüssel lesen und beantworten Nachrichten ohne Konto.

Learn more

Öffentliche Verwaltung

EU-Hosting, deutscher Vertragspartner und Audit-Log für Behörden.

Learn more

NIS-2 E-Mail-Verschlüsselung

S/MIME, PGP und Domain-Verschlüsselung nach NIS-2 angemessen.

Learn more

NIS-2 E-Mail-Sicherheit

NIS-2-konforme E-Mail-Sicherheit mit Audit-Trail.

Learn more

PDF-Verschlüsselung

Sensible PDFs verschlüsselt versenden, ohne Empfänger-Konto.

Learn more

Secure Message Portal

Empfänger-Web-Reader für Schlüssel-lose Empfänger.

Learn more

Also compared

Further email encryption alternatives and cross-comparisons.

SEPPmail is often weighed against NoSpamProxy, Cryptshare and upstream SEGs. Here are the direct comparison pages.

Frequently asked

See Conbool SecureMail in your own setup.

30-minute demo. Cloud service hosted in the EU.

Request a demoSecureMail in detail

Sources and fairness note

Statements about SEPPmail rely exclusively on publicly accessible sources: seppmail.com (product pages, Trust Center, GINA Webmail documentation) and public reference material. Claims about internal processes or architecture details not publicly substantiated are avoided. Statements about Conbool rely on our own product documentation and contractual commitments.

As of May 2026. For your final decision we recommend you ask both vendors directly about the points relevant to you and get statements confirmed in writing.

SEPPmail is a trademark of SEPPmail AG (Neuenhof, CH). Conbool is a trademark of Conbool GmbH. This page is an editorial comparison — not official SEPPmail material.