About this article
This article contains questions and answers covering the general functionality of the Templafy Email Signature Server.
- What are the data flows?
Are emails sent between the Email Signature Server and Microsoft 365 Exchange Online secure?
Yes. The X.509 TLS security certificates that are configured in the Email Signature Server implementation are used to establish an encrypted channel on SMTP port 25 for transfer of the emails between Exchange Online and the Email Signature Server.
Are email signatures distributed securely to the Email Signature Server?
Yes. Templafy uses Shared Access Signature (also known as SAS Links) which is a native secure service in Azure Storage for distributing the generated HTMLs in Templafy to the Blob storage of the Email Signature Server.
This is applicable for both Templafy Email Signature Server Hosting versions:
- Client Hosted
- Templafy Hosted
Does the Email Signature Server support Shared Mailboxes?
Yes. There are various configuration options available to have signatures appended by either the Outlook Add-in or the Email Signature Server.
Does the Email Signature Server remove any signatures that users have created in Outlook Web App, Mac email clients, or mobile devices?
Custom email signatures created by users in the Outlook Web App, on a Mac computer, or on a mobile device will need to be removed by the user or the Organization Administrator.
Default signatures that an email software client may attach (e.g., "Sent from my iPhone") are automatically replaced by the Email Signature Server signature.
What antispam measures does Templafy Email Signature Server support?
Templafy Email Signature Server supports:
Is the data encrypted in transit and at rest?
Yes. All data residing in blob and table storages is encrypted at rest using Azure’s PaaS default encryption standard. All data in transit is encrypted using HTTPS TLS 1.2 throughout, including calls between the Email Signature Server and Exchange within Azure.
Is there vulnerability testing conducted on the Email Signature Server?
Yes. Penetration testing is conducted twice a year on the application and architecture. Latest results are available upon request. Furthermore, 24/7 monitoring is carried out using Azure Defender. An incident management process is established to react in a timely manner to any security alerts.
Where can I find more information security and data protection information relating to the Email Signature Server?
Templafy is ISO/IEC 27001:27017 certified and delivers SOC 2 type II reports upon request. Both these cover the Email Signature Server amongst the other modules in scope. In addition, The Email Signature Server service is governed by the Data Processing Agreement and the Service Level Agreement outlined in the SaaS Agreement.
What are the data flows?
|E-mails||Inbound||SMTP 25||Yes TLS 1.2 /N/A||None|
|Outbound||SMTP 25||Yes TLS 1.2/N/A||None|
|E-mail signatures||Inbound||HTTPS 443||Yes/Yes||
Customer Local Storage or Customer Cloud Storage
(E.g. Azure Storage on Customer Azure Subscription)