INCREASED EMAIL SECURITY AT AAU - MORE SECURE TO SEND EMAILS
All emails sent from AAU will now be automatically sent with encryption during transport on the open Internet.
The transmission of data can be broadly divided into three categories:
- Unencrypted transmission
- Encryption during transport
- Fully encrypted transmission / encrypted content
Category 2 is handled automatically with the new security add-on.
In some cases, Category 1 or 3 transmissions may be required for external email recipients.
CATEGORY 1 – UNENCRYPTED TRANSMISSION
A few domains do not support TLS, so email with TLS cannot be sent to those domains. If an email is sent to a domain that does not support TLS, you will be notified within a day that the email could not be delivered.
This type of error only happens in a very few cases. Currently, a few per thousand of all transmissions are at risk of a delivery error.
If you experience this problem when sending email to a fixed/major partner or similar, you should contact our support since we may need to contact the recipient as they likely have a configuration error that they should be made aware of.
To opt out of using TLS, add [unsecure] in the subject line of the email that will not use TLS. Please note that this can only be done if the email does not contain confidential or sensitive information. This means you are only allowed to send unencrypted emails to external recipients when the email contains data that is classified as public.
Category 2 – Encrypted during transmission
Category 2 transmissions happen automatically. This means that all emails sent from AAU to an external recipient will be automatically encrypted during transport.
What may be sent as regular email?
As a rule, large portions of AAU emails can be sent directly to the recipient from your email from now on.
If you need to exchange confidential or sensitive data with an email recipient regarding the email recipient themselves, this transmission method is also allowed.
It is recommended that communication including confidential and sensitive personal data as well as CPR numbers about the recipient be sent to the recipient via ‘e-boks’ where possible. See the guidelines here.
For foreign nationals without a Danish CPR number, sending confidential and sensitive personal data can be done via email to the person's own email address. Optionally, with encryption of attachments where the encryption code is disclosed via another source, for example, in an SMS text message to the person's mobile phone.
According to the Danish Data Protection Agency, encrypted transmission is an appropriate security measure.
If the transmission contains confidential or sensitive data and personal information for anyone other than the recipient, use Category 3.
Category 3 – Fully encrypted transmission / encrypted content
A fully encrypted transmission or a transmission with encrypted content is desirable in special cases, such as when you need to send confidential or sensitive data to an external recipient about more then 5 persons other than the recipient themselves.
Methods for fully encrypted transmission
For a fully encrypted message, we recommend that you either use e-box via Workzone or encrypt attachments. See instructions here.
If you do not have an employee certificate, it can be ordered by contacting our support.