I’m very pleased to announce that the latest update for Mail Assure is available as of August the 22^nd. We have a large number of improvements included in this update, as well as the usual bug fixes and performance improvements.

In particular, we continue to increase both the security of the product itself, and also the security features that are available for your use and protection of end users.

We also have a lot of improvements to our Email Scout Report functionality, which is used to get message log search results sent by email on a schedule. In this update, it’s easier to manage branding, you can preview the report when configuring it, it’s possible to edit many reports at once, and it’s faster to manage mailboxes that you do not want to receive reports.

Security Enhancements

In the future, we will be adding additional restrictions on the domain that can be used as the “envelope sender” address. Legitimate mail should not be impacted by this change, but we recommend that you verify ownership & control over your domains to avoid any inconvenience. You can do this using the action menu in the “Domains overview” page, and it should only take a couple of minutes for each domain. You’ll need access to the account at the DNS registrar used for the domain.

DNSSEC: The MX records for Mail Assure (mtaroutes.com) are now protected with DNSSEC. This protects against DNS cache poisoning and other similar types of attack. This is also a requirement for DANE, which lets senders require encrypted connections – we intend to add support for DANE for incoming connections in a future update.

IMAP TLS: As of this update, all IMAP connections to the quarantine will require an encrypted (TLS) connection. You can use an explicit TLS connection (connecting to port 143 and using STARTTLS) or implicit (connection to port 993) – in most cases your mail client will already have automatically enabled this. If you access your quarantined messages using the app or reports rather than through IMAP, then you do not need to make any changes.

Macros: email messages containing attachments that have macros are a common source of dangerous content. We recommend that macros are disabled in Office for all users that do not require their use, and that sharing any documents that contain macros is done via a document control system, like SharePoint, Google Drive, iCloud, or DropBox. You can block all incoming messages containing macros with the setting on the “Filter settings” page:

With this release, you can now also block all outgoing messages containing macros. To do this, use the “Manage authentication” page in the “Outgoing” section. Select the IP or smarthost that you wish to restrict, and choose “edit”. You’ll find the new option near the end of the page.

Increased Customisation

The “custom actions” feature now allows further customisation when using the subject notation action (MMA-977). Instead of always using a fixed keyword in the subject, you can configure any tag when adding the action. For example, you might want to tag mail that matches specific keywords or from senders in specific industries.

Reporting Improvements

Previews: When creating an Email Scout Report, or configuring automatic Email Scout Reports for all mailboxes at a domain, you can now see a preview of what the report will look like (note that all email clients have slightly different rendering rules, so the exact appearance will differ slightly in each). Simply configure the report as usual, and then use the Preview tab to see what the report will look like – we use the actual live search results so you can see real data in the report. You’ll find that it’s much easier to choose the right subject and template, and have confidence that you know what the reports will look like.

Multiple Edit: It’s now much faster to manage existing Email Scout Reports, with the new ability to edit multiple reports at once. For example, you might have a large number of reports where you wish to change the schedule, or the subject of the message. Simply select all of the reports you want to edit, and choose the “Edit” option from the menu at the end of the list. You can change multiple aspects of the reports, and leave others unchanged.

Excluded mailboxes: Managing which mailboxes do not receive Email Scout Reports is now much simpler. Typically, for automatic Email Scout Reports, all mailboxes other than distribution lists and shared mailboxes, have a report enabled. However, there are cases where a user unsubscribes from the report and you need to enable it again, or where there’s a specific mailbox that shouldn’t receive reports. When you create an automatic Email Scout Report, there’s a new option to specify mailboxes to exclude (MMA-5540), and you can add and remove excluded mailboxes in the exclusions tab (MMA-3697).

Branding: It’s now much simpler to manage the branding that appears in Email Scout Reports. You’ll find a new “include standard branding” option at the top of the Email Scout Report template editor.

If this option is enabled, then the logo that you have configured for the brand, or the brand name (if there is no logo) will be added to the top of the Email Scout Report – above any of the content in the template. You can configure multiple brands, or if you don’t configure any then the N-able Mail Assure brand will be used.

If you prefer to have completely white-label reports, or if you wish to include branding elements in a custom format (perhaps at the end of the report, or incorporating additional elements of your brand), then simply disable the option and edit the template to suit your needs.

You’ll notice that there is also an additional “Language” field in the Email Scout Report template editor. This allows you to easily manage multiple templates in different languages, if you wish to offer this functionality to your users. In the future, we’ll add the ability to automatically select a template by matching this language choice with the user’s selected language.

New Templates: There are four new Email Scout Report Templates available. These are similar to the “row” and “column” templates, but with a modernised look, and clearer instructions. “Desktop Card” is suited to users who typically view their reports on larger screens, and have a small number of report entries. “Mobile Card” is similar, but will work better for users who typically view their reports on smaller screens. The “Desktop Table” template is suited to users who typically view their reports on larger screens, and have a large number of report entries, or a large number of columns in the report. Finally, “Mobile Table” is similar, but again suitable to users who typically view their reports on smaller screens.

Lock notifications: We’ve simplified the interface for editing the template for email notifications when an outgoing user is locked – it has the same design as the other email template editors (MMA-5723).

Removal of Outdated Functionality

To simplify the app, we’ve removed some older, outdated functionality.

The “Bandwidth overview” and “Global statistics” pages are no longer in the navigation menu – the statistics available on the main dashboard load much more quickly and provide a simpler experience. Don’t forget that you can adjust the time period that is shown, and you can export the charts to a PDF.

If access to the old pages is still needed, for now they are still reachable via the classic app or by directly entering the URL – if you still use them, we’d love to hear from you to learn more about what improvements we can make so that you don’t need them any more.

We’ve also cleaned up the User Profile page, so that the old “product local credentials” email address isn’t displayed at the partner level any more, now that all partners log in with N-able SSO. You can always find your SSO email address via the menu in the Platform Bar.

Don’t forget that we have a new N-able Mail Assure domain that simplifies your login experience. Partners (admins and admin aliases) should use https://securemail.management and enter their N-able SSO credentials. If you provide access to clients or end users, then they should use the login page at https://client.securemail.management – or your branded version of this.

To finalise the change in domain, in a future update we’ll be changing the default sender address for emails from no-reply@my.swmailassure.com to no-reply@pw.securemail.management (password resets) and no-reply@reports.securemail.management (reports). We’ll also be added some additional security around these addresses so that you can be even more confident that any mail received from them is legitimate. In the future update that includes this change, we’ll also adjust the Email Scout Reports creation flow so that you don’t need to manually enter a sender address (but can still customise it if you wish).