I can see that my cloudstar post is getting a fair amount of views, and I wanted to follow up. Below are some questions you should ask potential encryption vendors.
Furthermore, a lot of my clients are under the impression that the encrypted service provider they've been pushed to is MANDATORY - but that is not often the case! The true case is that it's mandatory your email is encrypted, and in 99% of cases, it is!
So before you make the leap to cloudstar, or any similar service provider, ask them these questions:
1 How and where are emails encrypted?
2 How and where are emails decrypted?
3 What benefit does your service offer over default TLS? (Other than preventing non-encrypted delivery, because this is an optional feature of every mail host I've seen, including exchange).
4 What happens if the recipient doesn't allow for encryption?
5 When/if you create a portal page to send to a user who doesn't meet encryption standards, how do they gain access to the portal?
5b If no password is required, and the email is delivered unencrypted, even with a secure URL - wouldn't someone who sniffed the email simply be able to follow the URL?
6 If the portal is hosting attachments, what is the retention period on that? Would my client's clients be able to open an email from several years ago and pull that data?
7 Are you able to whitelist spam from specific users? (Some of our clients forward their received spam to an address for resolution - phrase filtering will likely bounce these messages as spam).
8 What are your uptime expectations and what happens if the gears stop turning? From ISP's to cloud-storage, everyone seems to experience some downtime, from time to time.
9 Can you provide audit encryption logs?
10 What liability does your service accept for both sending and receiving emails?