CryptoPrevent Email Setup FAQ

NOTICE:

You may wish to view our privacy and data collection policy here regarding email settings/account usage.

Sign in with Google (Recommended)

This is the recommended method because you do NOT need to enter your Google account password into CryptoPrevent like you would with advanced/SMTP server setup.  See below for a tutorial video on setup.

Can I use another email provider other than Gmail?

Yes, but you will need to use the Advanced settings to configure your email provider’s SMTP server.  See below.

Advanced (Use SMTP)

The remainder of this article applies only to Advanced/SMTP server configurations.

What are the SMTP Settings for Office 365?

Server:  smtp.office365.com
Port:  587
Authenticate:  yes
StartTLS:  yes

What are the SMTP Settings for GMail / Google Workplace?

* Not recommended, see “Sign in with Google (Recommended)” above!

Server:  smtp.gmail.com
Port:  587
Authenticate:  yes
StartTLS:  yes

My GMail account doesn’t seem to work with Advanced/SMTP server config, got any ideas?

It is no longer recommended to use the SMTP server configuration with Google email accounts of any type (GMail or Google Workplace) as they are planning to phase out older insecure methods of login.  Please scroll to the top of this page for configuration information and a video.  If you really must use this method with a Google account you may find help with the links below.

For accounts without two factor authentication, enabling the “less secure application” feature may help:  https://www.google.com/settings/security/lesssecureapps

Two factor authentication can complicate things as well, and when using this you will need an “application specific password” in order to connect properly to the server through this app.  Learn more and obtain application specific passwords here:  https://support.google.com/accounts/answer/185833?hl=en and you can manage them at this link:  https://security.google.com/settings/security/apppasswords

Finally, we have also had reports that Gmail will sometimes block what it considers a ‘suspicious login‘ and that it should alert you of this the next time you login to the webmail interface.  You should be notified that you can ‘unlock‘ your account by going to this link:  https://accounts.google.com/DisplayUnlockCaptcha  after which the account should be unlocked and email sending will no longer be blocked.

Why does CryptoPrevent need my email password?

While CryptoPrevent can send email TO your specified address, it also sends that email FROM your address, and in order to send email from your email address on your behalf using an SMTP server, it needs your password.  This is because CryptoPrevent (or any program that sends email for that matter) needs an account on some type of email server in order to send email, and CryptoPrevent is designed to use YOUR server, NOT OURS.  For this reason, CryptoPrevent needs both your email address (which is your server login) and your email password (again, also required to login to your server.)  By YOUR server we mean the server provided to you by your email host, e.g. Gmail, Yahoo, Hotmail, your ISP, or whoever provides your ‘domain’ (the @whatever.com part of your address.)

(Note if you use the “Sign in with Google” method above, your password isn’t required by CryptoPrevent at all; instead, the entire sign-in process is handled by your web browser.)

Why do you not provide an email server for CryptoPrevent to use?

There are several reasons.  First and foremost, SPAM.  We don’t want issues with being automatically blacklisted in various SPAM monitoring services for suspicious activities, this would compromise alert functionality for everyone.  If we sent emails from our own account from so many of our customer’s different IP addresses, some of the major SPAM services like SORBS and SpamCop (which are used by ISPs and email providers) could blacklist us until we dispute the blacklisted entries with these respective companies.  During that time, many email providers who use these various SPAM services will reject emails sent from our account — and if CryptoPrevent’s emails aren’t getting to you for this reason, then the feature does you no good!  Another issue is that we’ve had reports that the server may get overloaded at times and automated emails may be delayed up to 12 hours from the time they are originally sent for whatever reason, again this does you no good if you don’t receive the alert in a timely fashion.  For these reasons we made the decision to NOT use our own email server, and require that you use your own email provider’s server for CryptoPrevent’s email capabilities.

Where is my password stored?  Is it ever transmitted anywhere?

No, we do not receive your email password in any way, shape, or form.  The password is used only to login to your email (SMTP) server in order to send the email to you.  The password is stored in your Windows Registry, specifically under the HKLM\Software\Foolish IT\CryptoPrevent\Email key, where it is encrypted so it is not legible to the naked eye, and will appear to be a long jumble of random looking characters.

(Note if you use the “Sign in with Google” method above, your password isn’t stored anywhere at all, but rather a Google account access token is stored locally in the CryptoPrevent program directory.)

Is TLS encryption supported?  (Updated 10/12/14)

YES!  Version 7.3.x and above support TLS encryption in SMTP server settings!  In prior versions, only SSL is supported.