Security and Compliance - Frequently Asked Questions

Will my emails remain private if I use Exclaimer Cloud?

Yes, Exclaimer Cloud does not store or read any information from the email body - all it does is add an email signature.

For more detailed information and any security issues, please contact Exclaimer Sales.

Why do I need to enable less secure apps?

We use the Gmail SMTP relay service to route mail back to Gmail.

While Exclaimer can support the secure OAuth2, unfortunately, Gmail's SMTP relay does not; therefore, we must use a less secure SMTP authentication mechanism.

This option is only required for the account used in the SMTP authentication process.

I logged into my Exclaimer Cloud account from a different device. 
Online security is very important, and we take it very seriously. If you log in to your Exclaimer Cloud account from a different device/computer, we will email you an authorization code to confirm that you are trying to access your account.

All you need to do is enter the unique authorization code once, and you're good to go. You won't have to go through this process every time you log in. If you happen to receive this type of email and you have not been trying to log in to your account, please get in touch with Exclaimer Support.
Are my Microsoft 365 Global Administrator credentials cached?

When you complete the onboarding process for Exclaimer Cloud, or if you run the Microsoft 365 connector setup wizard, you are required to enter your Global Administrator credentials. 

Exclaimer Cloud does not cache these credentials - they are only used for a one-time operation. If any part of the setup is rerun and these credentials are required, you will be prompted to enter them again.

Why am I prompted to sign in for other Microsoft 365 mailboxes that have been added to Outlook?

If you weren't expecting to be prompted for an account and it doesn't appear in Outlook, chances are that the account exists in another Outlook profile for the logged-in user.

You can check for additional profiles by going through the Mail options in the Control Panel.

The Exclaimer Cloud Signature Update Agent will check for any signatures for the additional mailboxes.

NOTE: Unfortunately, it is not possible to bypass the authentication for additional accounts in Outlook.

Does Exclaimer Cloud support DomainKeys Identified Mail (DKIM)?

Yes, Exclaimer Cloud supports DKIM.

Exclaimer Cloud strips out the DKIM when it receives an email, but it is re-applied by Microsoft 365 after it has been processed by Exclaimer Cloud and before being sent to the recipient server.

Exclaimer Cloud strips out the DKIM when a server-side signature is applied.

What is DomainKeys Identified Mail (DKIM)?

DomainKeys Identified Mail (DKIM) is an authentication method that helps protect both email recipients and email senders from forged and phishing email messages.

DKIM uses cryptography to 'sign' email with a private key when it leaves the sending server. This digital 'signature' is unique for that email and is added (as a field) to the message header. When the email is transferred, it attaches a string of characters with a hash value.

When the signature is generated, part of the private key is stored in the listed domain. The Recipient servers then use this private key to verify the source of the message and verify that the body of the message has not changed during transit – the message passes DKIM and is considered authentic.

Someone is using my Exclaimer Cloud account without permission
If you think someone is using your Exclaimer Cloud account who is not authorized to, please reach out to Exclaimer Support as soon as possible.

Please also change your Exclaimer Cloud password to ensure no one else can access your account without permission.
How do I keep my Exclaimer Cloud account secure?

As with all online subscriptions, security is of great importance. We have added business-grade security measures to protect your personal information, but we recommend that you complete the following steps to make your account even safer:
- Use a strong password
- Keep an eye out for phishing attempts
- Report any suspicious or fraudulent activities

For more information, please look at How to keep your Exclaimer Cloud account secure.

How do I report suspicious or fraudulent activities?

At Exclaimer, we take fraud very seriously. If you notice suspicious bank charges or unauthorized account activity that appear on behalf of Exclaimer, please get in touch with Exclaimer Support as soon as you can.

If you have questions about the privacy of your information, please take a look at our Privacy Policy.

I logged into my Exclaimer Cloud account from a different device  

Online security is very important, and we take it very seriously. If you log in to your Exclaimer Cloud account from a different device/computer, we will email you an authorization code to confirm that you are trying to access your account.

All you need to do is enter the unique authorization code once, and you're good to go. You won't have to go through this process every time you log in.

If you receive this type of email and you have not been trying to log in to your account, please get in touch with Exclaimer Support.

Can the two-factor authentication in the Exclaimer Portal be disabled?

No, unfortunately, it is not possible to disable the two-factor authentication - this behaviour is by design.

Disabling this functionality introduces significant risk; it would break Exclaimer's company policy and compromise our ISO accreditation.

We are researching ways to simplify the two-factor authentication process. Customers will be advised as and when this proves possible.

Does Exclaimer Cloud support Okta Single Sign-On (SSO)?
No, unfortunately, Exclaimer Cloud does not currently support Okta SSO.
What are Exclaimer's GDPR (aka DSGVO) policies?
For full details of Exclaimer's General Data Protection Regulation (GDPR) policies, please see EXCLAIMER GDPR COMPLIANCE STATEMENT on Exclaimer's website.
Does Exclaimer Cloud support Remote Desktop (RDS), Terminal Server (TS) and Virtual Desktop Infrastructure (VDI)?
Yes, Exclaimer Cloud for Microsoft 365 and Exchange fully support these technologies.

For client-side signatures, we recommend using the Exclaimer Cloud Outlook Add-in; for server-side, the infrastructure used by the sender makes no difference. 
Is it possible to use SAML SSO to log into Exclaimer Cloud?
No, currently, it is not possible to use Security Assertion Markup Language (SAML) Single Sign-On (SSO) with Exclaimer Cloud.

You can, however, add Google or Microsoft SSO as an additional authentication method in Exclaimer Cloud.
Which standards is Exclaimer Cloud compliant with?
Exclaimer Cloud is compliant with SOC 2, ISO 27001/IEC 27001, ISO/IEC 27018, HIPAA, Cyber Essentials, GDPR, CSA, PCI DSS, ACSC and CCPA.

For more information, please see https://www.exclaimer.com/trust/compliance/