Security and Compliance - Frequently Asked Questions

Will my emails remain private if I use Exclaimer?

Yes, Exclaimer does not store or read any information from the email body - all it does is add an email signature.

For more detailed information and any security issues, please contact Exclaimer Sales.

Why do I need to enable less secure apps?

We use the Gmail SMTP relay service to route mail back to Gmail.

While Exclaimer can support the secure OAuth2, unfortunately, Gmail's SMTP relay does not; therefore, we must use a less secure SMTP authentication mechanism.

This option is only required for the account used in the SMTP authentication process.

I logged into my Exclaimer account from a different device. 
Online security is very important, and we take it very seriously. If you log in to your Exclaimer account from a different device/computer, we will email you an authorization code to confirm that you are trying to access your account.

All you need to do is enter the unique authorization code once, and you're good to go. You won't have to go through this process every time you log in. If you happen to receive this type of email and you have not been trying to log in to your account, please get in touch with Exclaimer Support.
Are my Microsoft 365 Global Administrator credentials cached?

When you complete the onboarding process for Exclaimer, or if you run the Microsoft 365 connector setup wizard, you are required to enter your Global Administrator credentials. 

Exclaimer does not cache these credentials - they are only used for a one-time operation. If any part of the setup is rerun and these credentials are required, you will be prompted to enter them again.

Why am I prompted to sign in for other Microsoft 365 mailboxes that have been added to Outlook?

If you weren't expecting to be prompted for an account and it doesn't appear in Outlook, chances are that the account exists in another Outlook profile for the logged-in user.

You can check for additional profiles by going through the Mail options in the Control Panel.

The Exclaimer Signature Update Agent will check for any signatures for the additional mailboxes.

NOTE: Unfortunately, it is not possible to bypass the authentication for additional accounts in Outlook.

Does Exclaimer support DomainKeys Identified Mail (DKIM)?

Yes, Exclaimer supports DKIM.

Exclaimer strips out the DKIM when it receives an email, but it is re-applied by Microsoft 365 after it has been processed by Exclaimer and before being sent to the recipient server.

Exclaimer strips out the DKIM when a Server-Side signature is applied.

What is DomainKeys Identified Mail (DKIM)?

DomainKeys Identified Mail (DKIM) is an authentication method that helps protect both email recipients and email senders from forged and phishing email messages.

DKIM uses cryptography to 'sign' email with a private key when it leaves the sending server. This digital 'signature' is unique for that email and is added (as a field) to the message header. When the email is transferred, it attaches a string of characters with a hash value.

When the signature is generated, part of the private key is stored in the listed domain. The Recipient servers then use this private key to verify the source of the message and verify that the body of the message has not changed during transit – the message passes DKIM and is considered authentic.

Someone is using my Exclaimer account without permission
If you think someone is using your Exclaimer account who is not authorized to, contact Exclaimer Support as soon as possible.

Change your Exclaimer password to ensure no one else can access your account without permission.
How do I keep my Exclaimer account secure?

As with all online subscriptions, security is of great importance. We have added business-grade security measures to protect your personal information, but we recommend that you complete the following steps to make your account even safer:
- Use a strong password, including uppercase and lowercase letters, numbers, and special characters
- Change your password every 90 days
- Keep an eye out for phishing attempts. Exclaimer will never ask for personal data such as payment information, VAT number, or account password in an email. If you are unsure, contact your Exclaimer Account Manager
- Report any suspicious or fraudulent activities

For more information, see how to change your Exclaimer password.

How do I report suspicious or fraudulent activities?

At Exclaimer, we take fraud very seriously. If you notice suspicious bank charges or unauthorized account activity that appear on behalf of Exclaimer, please get in touch with Exclaimer Support as soon as you can.

If you have questions about the privacy of your information, please take a look at our Privacy Policy.

I logged into my Exclaimer account from a different device  

Online security is very important, and we take it very seriously. If you log in to your Exclaimer account from a different device/computer, we will email you an authorization code to confirm that you are trying to access your account.

All you need to do is enter the unique authorization code once, and you're good to go. You won't have to go through this process every time you log in.

If you receive this type of email and you have not been trying to log in to your account, please get in touch with Exclaimer Support.

Can the two-factor authentication in the Exclaimer Portal be disabled?

No, unfortunately, it is not possible to disable the two-factor authentication - this behaviour is by design.

Disabling this functionality introduces significant risk; it would break Exclaimer's company policy and compromise our ISO accreditation.

We are researching ways to simplify the two-factor authentication process. Customers will be advised as and when this proves possible.

Does Exclaimer support Okta Single Sign-On (SSO)?
No, unfortunately, Exclaimer does not currently support Okta SSO.
What are Exclaimer's GDPR (aka DSGVO) policies?
For full details of Exclaimer's General Data Protection Regulation (GDPR) policies, please see EXCLAIMER GDPR COMPLIANCE STATEMENT on Exclaimer's website.
Does Exclaimer support Remote Desktop (RDS), Terminal Server (TS) and Virtual Desktop Infrastructure (VDI)?
Yes, Exclaimer for Microsoft 365 and Exchange fully support these technologies.

For Client-Side signatures, we recommend using the Exclaimer Outlook Add-in; for server-side, the infrastructure used by the sender makes no difference. 
Is it possible to use SAML SSO to log into Exclaimer?
No, currently, it is not possible to use Security Assertion Markup Language (SAML) Single Sign-On (SSO) with Exclaimer.

You can, however, add Google or Microsoft SSO as an additional authentication method in Exclaimer.
Which standards is Exclaimer compliant with?
Exclaimer is compliant with SOC 2, ISO 27001/IEC 27001, ISO/IEC 27018, HIPAA, Cyber Essentials, GDPR, CSA, PCI DSS, ACSC and CCPA.

For more information, please see https://www.exclaimer.com/trust/compliance/