PC Add-in: Settings Reference

This reference outlines the various settings available for the PC add-in and provides guidance on their usage.

Written By Marissa Fegan (Super Administrator)

Updated at August 22nd, 2023

A reference for all VIPRE SafeSend PC Add-in settings, including a description of their purpose and valid options for each one. 

If you need to localize the user interface, you'll find a list of all UI string variables here as well.

Important Information

Please refer to Related Articles for direct links to other processes pertinent to the one detailed in this article.

 

Commonly Used

Commonly Used settings are the settings most likely to be adjusted during installation.

Setting Name Description
DisableSelectAll Disabled by default, meaning that the ‘Select All’ button is shown. Enable this setting to disable the ‘Select All’ button.
DisableSelectAllForLessThanXCheckboxes The default value is 0. Set this to X to show the ‘select all’ checkbox when there are X or more checkboxes visible for the user.
LicenseKey This is where your product license key is stored.
OnlyPopupForAttachments Disabled by default. Enable this setting to show the SafeSend window only when files are attached and there are external recipients in the email.
PolicyLink Disabled by default. Set this to point to the URL of your email/security policy, and SafeSend will display a policy text. The string that controls what is displayed in the GUI is named StringMainPolicy and it defaults to ‘This email should be sent according to the %Group Information Security Policy%’. Note the ‘%’ signs that are required around the clickable text.
SafeDomains This multi-string setting contains the list of safe domains or emails. If there are no safe domains/emails defined, SafeSend will use the user’s own email addresses to detect which domains are safe. SafeSend accepts all sub-domains under the top-domain as safe. If you specify ‘mycompany.com’ in the safe domain list, then name@research.mycompany.com and name@mycompany.com will all be safe. In version 4.3.5.0 or later you can also specify individual email addresses here.
WindowMinimumHeight This is where you can set the minimum height of the SafeSend window in pixels.
WindowMinimumWidth This is where you can set the minimum width of the SafeSend window in pixels.
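
The SafeDomains matching rule described above (a listed domain covers its sub-domains, and individual addresses can also be listed) can be modelled to review a candidate list before it is deployed. This is an added example, not VIPRE SafeSend code; the function names, the treatment of malformed addresses and the sample recipients are assumptions.

```python
# Added illustration, not SafeSend code: models the SafeDomains rule described
# in the table above so a candidate list can be reviewed before deployment.

def normalize(value):
    return value.strip().lower()


def is_safe(recipient, safe_entries):
    """True if `recipient` is covered by a SafeDomains-style list.

    Entries containing '@' are individual addresses (exact match). Any other
    entry is a domain that also covers all of its sub-domains.
    """
    addr = normalize(recipient)
    local, at, domain = addr.rpartition("@")
    if not at or not local or not domain:
        return False  # assumption: a malformed address is never safe
    for entry in map(normalize, safe_entries):
        if "@" in entry:
            if addr == entry:
                return True
        elif entry and (domain == entry or domain.endswith("." + entry)):
            # Match on a label boundary: 'notmycompany.com' must not pass
            # just because it ends with the text 'mycompany.com'.
            return True
    return False


def lint_entries(safe_entries):
    """Return (entry, problem) pairs for entries that deserve a second look."""
    problems = []
    for raw in safe_entries:
        entry = normalize(raw)
        if not entry:
            problems.append((raw, "empty entry"))
        elif "@" in entry:
            local, _, domain = entry.rpartition("@")
            if not local or "." not in domain:
                problems.append((raw, "malformed email address"))
        elif "." not in entry:
            problems.append((raw, "single label: would cover a whole top-level domain"))
    return problems


def classify(recipients, safe_entries):
    """Split recipients into (safe, needs_confirmation) lists."""
    safe, confirm = [], []
    for rcpt in recipients:
        (safe if is_safe(rcpt, safe_entries) else confirm).append(rcpt)
    return safe, confirm


# Constructed sample data (the article's example domain plus placeholders).
SAFE_DOMAINS = ["mycompany.com", "jane@partner.example"]
RECIPIENTS = [
    "name@mycompany.com",
    "name@research.mycompany.com",
    "name@notmycompany.com",
    "name@mycompany.com.other.example",
    "jane@partner.example",
    "john@partner.example",
]

if __name__ == "__main__":
    safe, confirm = classify(RECIPIENTS, SAFE_DOMAINS)
    print("safe:", safe)
    print("needs confirmation:", confirm)
    print("lint:", lint_entries(SAFE_DOMAINS + ["com", "@partner.example"]))
```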
 
 

Advanced

Advanced settings are the settings typically adjusted after deployment.

Setting Name Description
BCCWarningIfMoreThanX_TOCC_Recipients Set to 0 by default, which disables this setting. Set it to a non-zero value X to display an additional checkbox, when there are more than X recipients of type TO/CC, asking the user to confirm that these recipients were not intended for BCC.
CheckAutoForwardedEmails Disabled by default. Enable this setting to also make SafeSend trigger on auto-forwarded emails and meeting invitations.
CheckRepliesToExternalMeetings Disabled by default. Enable this setting to make SafeSend trigger when responding to external meeting invitations.
ClassificationXHeader Set to “” by default. ClassificationXHeader can be set to e.g. “x-microsoft-classification” and ClassificationXHeaderValues to e.g. “RESTRICTED, HIGHLY RESTRICTED” to trigger SafeSend only if the email being sent has a matching classification and the email is being sent externally. This also requires SafeSend to be configured to trigger after all other add-ins so that the classification add-in can set its X-header before SafeSend tries to read it.
ClassificationXHeaderValues Set to “” by default. Specify a comma-separated list of the classifications for which SafeSend should be triggered. Please also see the documentation for ClassificationXHeader.
ClientKeywordDisableConfirm Disabled by default. When enabled, removes the need to type CONFIRM on the confirmation dialog box in order to send an email.
ClientKeywordDomainList Can be used to prevent sending sensitive client information to the wrong recipient. Define a list of clients with keywords and their domains or email addresses. An example is ‘Microsoft,MSFT:microsoft.com,windows.com’ where the keywords ‘Microsoft’ and ‘MSFT’ are associated with the domains ‘microsoft.com’ and ‘windows.com’. As soon as those keywords are emailed externally to a domain other than microsoft.com or windows.com, SafeSend will require the user to type in ‘confirm’ in a text box to confirm and send the email. It is also possible to specify a regular expression instead of a keyword. By default, keywords are matched case-insensitively and require a word delimiter, but it is possible to define a custom regexp (which ignores both the case-insensitive match and the word delimiter requirement) by enclosing the regexp in ‘#’s, e.g. “#PREFIX\d{3}[A-Z]{2}#” meaning PREFIX + three digits + two characters.
ClientKeywordDomainListEncrypted This is a single-string variable, so each client keyword/domain line must be separated by a semicolon ‘;’. The encryption uses AES 256-bit symmetric encryption and the string can be generated from PowerShell using a custom SafeSend cmdlet.
ContentScanningRules Use this setting to set the policy rules for DLP Content Scanning. Each rule should be on a separate line.
ContentScanningTimeoutMS Set to 10,000 by default, meaning 10 seconds. Change this setting to edit the default timeout value in milliseconds for the DLP feature when scanning documents.
ContentScanningMaxNrMatchesBeforeTryingToGroupByAttachment Set to 30 by default. Change this setting to edit the number of DLP results in the output table before SafeSend will try to group them by attachment. This is to avoid the table being too long when the same result is found in a large number of files.
ConfirmAndSendOnCtrlEnter Disabled by default. Enable this to allow a user to press CTRL+ENTER to confirm recipients and send the email.
DetectBulkEmailing Enabled by default, meaning that SafeSend will detect bulk sending and ask the user to suppress the popup for upcoming emails that are part of the bulk sending. Detecting bulk emails is useful because some users might be using Mail Merge in Outlook or the Mail Merge Toolkit to send bulk emails and they do not want to be prompted with the SafeSend popup for each email. This feature is also useful if there are users with custom VBA code to send out emails in bulk.
DetectBulkEmailingDetectionPeriod Set to 600 by default, meaning that the detection period for bulk emails is 600 ms.
DisableConfirmationForTheseSendingEmailAddresses Disable the confirmation popup when sending from these sending accounts (mailboxes). You can also specify the Display Name of a Send on Behalf account here. Each email address/display name should be separated with a semicolon.
DisableConfirmAttachments Disabled by default, meaning that attachments are confirmed in SafeSend. Enable this setting to hide the attachments from the list of items that need to be confirmed. A warning text saying “This email has files attached” will still be shown even if attachments are not required to be confirmed.
DisableMarkMsgFilesAsAttachments Disabled by default. Enable this setting to prevent MSG files from being shown as attachments.
DisableOpenAttachmentsLink Disabled by default. Enable this setting to disable the clickable ‘(open)’ link when attachments must be confirmed.
DlpScanPasswordProtectedAttachments Disabled by default. When enabled, users will be prompted to provide the password for attached zip files. If the password is provided, the contents of the password-protected zip file will be scanned.
Enabled Enabled by default. Use this setting to toggle SafeSend ‘on’ or ‘off’. This setting writes to the HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\Addins\zzz.SafeSend\LoadBehavior value to control whether Outlook should load SafeSend when it starts.
EnableForceOpenAttachment Disabled by default. When enabled, forces the user to click OPEN to verify attachments before they can select the files for confirmation and send the email.
EnableRecipientAttachmentRemoval Enabled by default. SafeSend will display an ‘x’ symbol next to each recipient and attachment. This allows the user to remove the recipient or attachment without canceling the email and editing the original recipient/attachment list.
ExpandListsByDefault Disabled by default. When both ExpandListsByDefault and GroupByDomain are enabled, this setting allows lists of email addresses affected by the GroupByDomain setting to be expanded by default.
GroupByDomain Disabled by default. Use this setting to group all email from the same domain under one checkbox in the confirmation window. Can be useful if you have a subset of users who regularly send email to a very large number of recipients.
ForbiddenLists Disabled by default. When enabled, users will not be able to send emails to any Outlook or Exchange lists.
ForbiddenRecipients Users will not be able to send to any email addresses in this list.
FooterEnabled Disabled by default. Enable this to add a specified footer to each external email.
FooterText Use this setting to set the text in the SafeSend footer.
ForceWindowTopMost Disabled by default. Only change this setting if required. Will force the SafeSend window to be topmost, so above all other windows in Windows. It will also make SafeSend display in the taskbar.
HideRecipientDisplayName Disabled by default. Enable this setting to only display the actual email address of a recipient. SafeSend otherwise displays the email address and the contact display name.
LoggingEventTypeFilter Set to 255 by default to enable all event types. Bit 0: email_external, Bit 1: email_internal, Bit 2: email_cancelled. Set this to the value 1 to log only events of type email_external (external emails). Set this to the value 5 (bit 0 and bit 2) to log both external emails and cancel events.
LoggingFileLogEnabled Disabled by default. Enable this setting to log each user’s outgoing email activity to a physical file. The log file can be opened from the Add-in options dialog (File->Options->Add-ins->Add-in Options…) or by going to “C:\Users\{username}\AppData\Local\SafeSend”. For more information, see Adjust Logging.
LoggingFileLogMaxSizeMB Set to 50 MB by default.
LoggingSyslogHostname Is an empty string by default so that Syslog logging is not enabled by default. Set this to the hostname (or IP) of your Syslog server in order to start logging user activity to Syslog using UDP.
LoggingSyslogPort Set to 514 by default. Set this to the UDP port of the Syslog server.
LoggingSyslogUseStrictRFC5424Format Disabled by default. Enable this to print the NILVALUE for PROCID, MSGID, and STRUCTURED-DATA, and to show the BOM character for the UTF-8 message string, all according to RFC 5424.
LoggingWindowsEventLogEnabled Disabled by default. Enable this setting to log each user’s outgoing email activity to the Windows Event Log. The log data can be viewed by opening the Event Viewer and filtering on ‘SafeSend’ as event source.
MarkEmbeddedImagesAsAttachments Set to 0 by default, meaning that SafeSend will not show embedded images as attachments. Set this to 1 if you want SafeSend to handle embedded images as attachments. Note that SafeSend has no way of distinguishing between embedded signature images and regular embedded images.
OnlyPopupForMultipleExternalDomains Disabled by default. Enabling this setting will cause SafeSend to pop up only when sending to recipients of two or more external domains.
OnlyPopupForNewEmailThreads Disabled by default. Enable this setting to make SafeSend only pop up when there is a new email thread or if an external recipient has been added/removed from an existing email thread.
OnlyPopupForNewEmailThreadsDaysOfHistory Set to 60 days by default. Use this setting to change how many days of email thread history are saved. This setting is only used if OnlyPopupForNewEmailThreads is enabled.
OnlyPopupForAttachmentsOrDLPMatch Enable this setting to make SafeSend only pop up when there is a DLP match or when attachments are included.
OnlyPopupForDLPMatch Enable this setting to make SafeSend only pop up if there is a DLP match. SafeSend will then display a small ‘scanning email…’ window if files are attached as they typically take a few hundred milliseconds to scan. This works for DLP rules set in both ContentScanningRules and ClientKeywordDomainList.
PersonalContactGroupMode Set to 0 by default, meaning that SafeSend will show any personal contact group that contains external recipients. Set this to 1 if you never want SafeSend to show personal contact groups. Set this to 2 if you want SafeSend to show personal groups regardless of whether they contain any external recipients. Personal contact groups are also called Outlook distribution lists or Local distribution lists. They are stored locally on the email client, as opposed to Exchange distribution lists which are stored on the Exchange server.
PopupForExternalAttachments Set to False by default.
PopupForExternalRecipients True - The default for new installs is to pop up for all external recipients. This should be changed to false if other Popup settings are to be used for finer control.
PopupForMatchingRecipientsRegex  Set to False by default.
PopupForMultipleDomains  Set to False by default.
PopupForMultipleExternalDomains  Set to False by default.
PopupForReplyToRecipients  Set to False by default.
ResolveGALRecipientsMode The default value after installation is 0, meaning that SafeSend will resolve any GAL recipients. Set this to 1 if you never want SafeSend to resolve any GAL recipients and just treat them as safe. Set this to 2 if you want SafeSend to resolve GAL recipients except in Online Mode, where they are treated as safe.
StringNotifyMatchingRecipientsRegexMatched “ “ - Extra string that is displayed when PopupForMatchingRecipientsRegex triggers the confirmation dialog. Supports the same formatting tags as the main window, e.g. “This is formatted text<br>new line<br><b>Bold</b><i>Italic</i><a href="www.vipre.com">Hyperlink</a><color=128,50,50>Color</color>”
ShowSubjectMode The default value after installation is 0, meaning that SafeSend will not display the email subject in the SafeSend window. Set this to 1 if you want SafeSend to display the email subject only for meeting invitations/updates. Set this to 2 if you want SafeSend to display the email subject on all emails, meeting invitations/updates and task requests.
TreatMatchingEmailsAsExternal Use this regular expression to treat matching emails as external. This can be used to treat a specific set of distribution lists as external even though they have an internal email address. Will display ‘Confirm External Recipients’ in title window for matching email addresses. You can set this to e.g. ‘external-.*@yourdomain.com’ and it will cause SafeSend to pop up for all emails, including Exchange Distribution lists, being sent to ‘external-%s@yourdomain.com’ where %s is an arbitrary string. This setting will not work if ResolveGALRecipientsMode = 1 as SafeSend will not resolve the actual email address.
TreatMatchingExchangeDLNamesAsExternal Use this regular expression to treat matching distribution list names as external. Will display ‘Confirm External Recipients’ in title window for matching email addresses. This can be used to treat a specific set of distribution lists as external even though they have an internal email address. You can set this to e.g. ‘External – .*’ and it will cause SafeSend to pop up for all Exchange Distribution lists with names matching ‘External – %s’ where %s is an arbitrary string. This setting is case insensitive. This setting will not work if ResolveGALRecipientsMode = 1 as SafeSend will not resolve the actual email address.
TreatMatchingEmailsAsUnsafe Use this regular expression to treat matching emails as unsafe. Will display ‘Confirm Recipients’ in title window for matching email addresses. Use this if you have an internal email that you wish to treat as unsafe. You can set this to e.g. ‘allemployees@yourdomain.com|allemployees-officeX@yourdomain.com’ and it will cause SafeSend to pop up for all emails, including Exchange Distribution lists, being sent to either ‘allemployees@yourdomain.com’ or ‘allemployees-officeX@yourdomain.com’. This setting will not work if ResolveGALRecipientsMode = 1 as SafeSend will not resolve the actual email address.
TreatMatchingExchangeDLNamesAsUnsafe Use this regular expression to treat matching distribution list names as unsafe. Will display ‘Confirm Recipients’ in title window for matching email addresses. You can set this to e.g. ‘All Employees|All Employees Office X’ and it will cause SafeSend to pop up for all emails being sent to either ‘All Employees’ or ‘All Employees Office X’. This setting is case insensitive. This setting will not work if ResolveGALRecipientsMode = 1 as SafeSend will not resolve the actual email address.
TreatMatchingUnresolvedRecipientsAsInternal Use this semicolon-separated list to define Display Names of recipients that should automatically be treated as internal if they are marked as unresolved by SafeSend. This can happen if there are Exchange contacts who do not have an email address assigned to them but whom you would still like to automatically treat as internal. It is recommended to set UnresolvedRecipientRetryCount to 0 if all users are using Cached Mode as this will speed up managing unresolved recipients.
TreatUnmatchedGALEntriesAsSafe The default value after installation is disabled, meaning that SafeSend will treat any unmatched GAL entries as unsafe as they cannot be resolved. Unmatched GAL entries typically happen for terminated accounts. This setting also affects how invalid email addresses not containing an @ symbol should be treated.
TriggerEncryptionMode The default value after installation is 0, meaning that SafeSend will not ask the users about encryption. Set this to 1 if you want SafeSend to ask users to encrypt only when files are attached. Set this to 2 if you want SafeSend to ask about encryption when the DLP Content Scanning has found sensitive content. Set this to 3 if you always want SafeSend to ask users to encrypt.
TriggerEncryptionDefaultOption The default value after installation is 0, meaning that SafeSend will require the user’s input whether to encrypt or not before the ‘Send’ button becomes visible. Set this to 1 if you want the default option to be ‘Yes’, or set it to 2 if you want the default option to be ‘No’.
TriggerEncryptionSubjectString This is the string that can be used in the subject line to trigger email encryption on the mail server. Typically set to ‘[secure]’ or ‘[encrypt]’.
TriggerEncryptionXHeader This is the string that is added as an X-header if encryption is selected. It has the following format: ‘header:value’.
UnprotectedAttachmentsMode The default value after installation is 0, meaning that SafeSend will take no additional action for attachments that are unencrypted. Set this to 1 to notify, 2 to confirm, and 3 to deny sending when the email has attachments that are not encrypted.
UseDomainColorCoding The default value after installation is enabled, meaning that each recipient domain is displayed in a different color. This makes it easier to spot outliers added by mistake.
UseSafeDomainsAsBlacklist Enable this setting to use the safe domain list as a black-list instead of a white-list.
UseLocalizedLanguage Disabled by default, meaning that English is the default language. Enable this setting to make the SafeSend language match the language in Outlook. This makes SafeSend read all the strings from a Localization.xlsx file instead of from the registry.
UseLocalizedLanguageGPOOverrideLanguage The default value is ‘en’, meaning English. This setting allows central management of strings for a specified language even though UseLocalizedLanguage is enabled.
UseLocalizedLanguageForceLanguage Set this to force a language other than English. SafeSend will then be displayed in this language instead of matching the language of Outlook. In order for this setting to work, UseLocalizedLanguage must also be set to 1. Set to e.g. fr, de, ja, es etc. Consider also setting UseLocalizedLanguageGPOOverrideLanguage to the language of choice so that the localized strings can also be controlled via GPO.
UseQuickLookupForOutlookContacts Enabled by default. This setting is introduced for backward compatibility. Only change it in consultation with us if there are issues when resolving emails for local Outlook contacts.
WarnUserIfMoreThanXEmailsInThread The default value is 0, meaning that this is disabled. Set this to X to warn the user if they are replying to or forwarding long email threads. Will ask the user in a separate message box if they really want to send the email. Will result in two message boxes (the warning, and then the SafeSend popup) for the user if the email is external. Will also set an x-header ‘X-SafeSend Long Email ThreadDetected:ThreadLength=X’ if the email thread is considered to be too long.
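
The ClientKeywordDomainList format described in the table above (keywords or ‘#’-enclosed regexps, a colon, then the client's domains or addresses, with rules on separate lines or separated by semicolons as in ClientKeywordDomainListEncrypted) can be checked before deployment with a small reader. This is an added example, not VIPRE SafeSend code; the function names, the handling of separators inside ‘#…#’, the exact-match rule for client domains and the second sample rule are assumptions.

```python
# Added illustration, not SafeSend code: a reader for the ClientKeywordDomainList
# format described above, for checking a list before it is deployed.
import re
from dataclasses import dataclass


@dataclass
class ClientRule:
    patterns: list  # compiled keyword / custom regexps
    allowed: set    # lower-cased client domains and addresses


def split_outside_hashes(text, sep):
    """Split on `sep`, but never inside a #...# custom regexp, so a regexp
    that uses a {2,4} quantifier keeps its comma."""
    parts, buf, in_regexp = [], [], False
    for ch in text:
        if ch == "#":
            in_regexp = not in_regexp
        if ch == sep and not in_regexp:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return parts


def parse_rule(entry):
    halves = split_outside_hashes(entry, ":")
    if len(halves) != 2:
        raise ValueError("expected 'keywords:domains', got %r" % entry)
    patterns = []
    for kw in (k.strip() for k in split_outside_hashes(halves[0], ",")):
        if len(kw) > 2 and kw[0] == "#" and kw[-1] == "#":
            patterns.append(re.compile(kw[1:-1]))  # custom regexp, used as written
        elif kw:
            # Default: case-insensitive, and delimited so 'MSFT' != 'MSFTX'.
            patterns.append(re.compile(r"(?<!\w)" + re.escape(kw) + r"(?!\w)", re.I))
    allowed = {d.strip().lower() for d in halves[1].split(",") if d.strip()}
    if not patterns or not allowed:
        raise ValueError("rule needs a keyword and a domain: %r" % entry)
    return ClientRule(patterns, allowed)


def parse_list(value):
    """Accept one rule per line (multi-string) or ';'-separated (single string)."""
    rules = []
    for line in value.splitlines():
        for entry in split_outside_hashes(line, ";"):
            if entry.strip():
                rules.append(parse_rule(entry.strip()))
    return rules


def violations(body, external_recipients, rules):
    """Return (matched_text, recipient) pairs that would need a typed confirm."""
    hits = []
    for rule in rules:
        match = next((m for m in (p.search(body) for p in rule.patterns) if m), None)
        if match is None:
            continue
        for rcpt in external_recipients:
            addr = rcpt.strip().lower()
            # Assumption: exact domain or address match; the article does not
            # say whether sub-domains of a client domain are accepted.
            if addr not in rule.allowed and addr.rpartition("@")[2] not in rule.allowed:
                hits.append((match.group(0), addr))
    return hits


# Constructed sample: the article's example plus a made-up regexp rule.
SAMPLE_LIST = r"Microsoft,MSFT:microsoft.com,windows.com;#CASE-\d{2,4}#:lawfirm.example"

if __name__ == "__main__":
    rules = parse_list(SAMPLE_LIST)
    print(violations("Latest msft roadmap", ["bob@windows.com", "eve@other.example"], rules))
    print(violations("Re: CASE-123 filing", ["amy@lawfirm.example", "eve@other.example"], rules))
```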
 
 

Special Cases

Special Case settings are settings that require special consideration before changing.

Setting Name Description
AddXHeader Disabled by default. Enable this setting to add the string ‘x-header: SafeSend’ to all emails. This can be used to verify that all computers have SafeSend installed. Computers without SafeSend installed can potentially be identified by creating a transport rule on the Exchange Server to reject outgoing emails if they do not have the x-header.
DisableInternalSave Disabled by default, meaning that SafeSend performs an internal save before processing the email. It is not recommended to change this value.
DebugLogging Disabled by default. Enable this setting to log additional debug information. You still need to enable LoggingFileLogEnabled or LoggingWindowsEventLogEnabled in order to set a destination for the log.
ProcessMaxNrRecipients The default value after installation is 100. Use this setting to change how many recipients that are not part of any list SafeSend should process. Setting this value to 0 processes ALL recipients. The drawback of having no limit is that SafeSend can ‘hang’ Outlook for a long time when emailing several hundred contacts. It is not recommended to change this value.
UnresolvedRecipientActionOnFailMode The default value after installation is 0, meaning that SafeSend will show any unresolved recipients in the confirmation window. It will then add the string ‘(un-resolvable)’ to the recipient. Set this to 1 if you want to mark unresolved recipients as safe, and thus not show them in the confirmation window. Unresolvable recipients only occur in very rare situations where the user is suffering from a bad network connection or when an auto-complete entry for a particular user is corrupt.
UnresolvedRecipientRetryCount The default value is 3. Use this setting to control how many retries SafeSend should attempt when it fails to resolve the recipient address. It is not recommended to change this value.
UnresolvedRecipientRetryInitialDelay The default value after installation is 200 ms. Use this setting to control the initial delay that SafeSend waits before trying to resolve the recipient again. The delay is doubled for each iteration with a retry. It is not recommended to change this value.
 
 

 

User Interface Strings for Translation

All the strings below are configurable in order to customize the text that is visible in the user interface. Overriding the default values of these strings enables the user interface to be translated to an organization's preferred language.

SS_StringBulkEmailQuestion   
StringAllRecipientsNumber   
StringContentScanningComplete   
StringContentScanningConfirmContent   
StringContentScanningEmailContent   
StringContentScanningEmailSubject   
StringContentScanningFileNameHeader   
StringContentScanningFirstMatch   
StringContentScanningReleaseWindow   
StringContentScanningRule   
StringContentScanningScanningContent   
StringContentScanningSendingNotAllowed   
StringContentScanningSensitiveContentFound   
StringContentScanningSource   
StringContentScanningTimedOutLong   
StringContentScanningTimedOutShort   
StringContentScanningTotalMatches   
StringContentScanningZipHeader   
StringErrorMessage   
StringErrorTitle   
StringMainAllRecipients   
StringMainCancelButton   
StringMainEmailBCC   
StringMainEmailCC   
StringMainEmailReplyTo   
StringMainEmailTO   
StringMainFilesAttached   
StringMainFilesAttachedConfirmed   
StringMainListIdentifier   
StringMainMessageManyRecipients   
StringMainMessageMultipleRecipients   
StringMainMessageSingleRecipient   
StringMainSelectAll
StringMainSelectedRecipients
StringMainSendButton   
StringMainSubject   
StringMainTitleExternal   
StringMainTitleUnsafe   
StringMainTriggerEncryptionOptionNo   
StringMainTriggerEncryptionOptionYes   
StringMainTriggerEncryptionQuestion   
StringMainUnresolvableIdentifier   
StringReplyAllBlock   
StringReplyAllTitle   
StringReplyAllWarning   
StringReplyAllWarningDistributionList   
StringUnexpectedErrorCancel   
StringUnexpectedErrorMessage   
StringUnexpectedErrorSendAnyway