How do I send an encrypted email?
From any email program: To encrypt an email using Bracket simply open your favorite email program, and send an email as you normally would. All you have to do is wrap your subject in brackets [like this] before you send your message. When you wrap your subject line in brackets it will tell our systems to encrypt the message and will automatically sent notifications to the recipients you have defined.
From bracket.email: You can also create and send an encrypted email when you're signed in to bracket.email. Just click the pencil icon in the left navigation bar to create a new message. If you’re on your smartphone just tap the button in the bottom right of your inbox. When you create a new message directly from the Bracket portal, you'll notice that brackets wrap your subject automatically, so there’s no need to add them manually.
New messages and replies are automatically saved as a draft. If something happens to your computer or device while you're creating a message don’t worry - it will simply show up in your inbox as a draft which you can open and finish any time.
Do I need to install anything to use Bracket?
No. With Bracket you can create and send an encrypted email from any client configured to accept and send mail from your email address. All you have to do is wrap your subject in brackets [like this] before you send it (you can also send encrypted email from bracket.email). Recipients of your message won't need to download anything either.
How do I sign in?
Go to https://bracket.email and enter your email address. If you have an active Bracket account, we'll email you a secure sign-in link. After opening the email, click or tap the sign-in button or enter the sign-in code shown in the email to access your Bracket inbox. For your security, your sign-in link and code will work only once, and will expire in 15 minutes from the time it was requested.
Will Bracket work with my other email accounts (gmail/hotmail etc.)?
No. When creating an encrypted email with Bracket, you'll need to be using the email address your email administrator has configured to work with Bracket. If you tried to send an encrypted email from a personal address @gmail.com, @outlook.com, or @yahoo.com, those mail systems wouldn't be set up to handle encryption for Bracket, so your email would be delivered without ever passing through Bracket's systems.
What's the size limit on attachments?
Bracket is great for sharing large attachments which normally can’t be sent through email. Bracket limits the single file attachment size to 250 MB, but you can send multiple attachments of this size at once. When sending a large attachment, be sure to send your message from the bracket.email portal instead of your normal email client. While Bracket has no problem with sending large attachments, your own mail systems might not be so accommodating.
How do I reply?
When you receive a new message notification, click the button in the email to view the message, then click or tap one of the reply buttons shown. Your reply will be added to the message thread cronologically, and all recipients of the original message will receive a notification with a secure link which will log them in and take them to your reply.
How do I forward an email?
Bracket doesn’t do forwarding like normal email clients. Instead, Bracket lets you give new recipients access to the message thread. If you’re the thread creator, you can simply click the “Add Recipient” button from the message view page and enter an email address to add someone to the thread. If you didn’t create the original message you can still add a recipient the same way, but the creator of the message will need to approve the change before they are added. Once a new recipient is added to the recipients list, they’ll be emailed a notification that will take them to the current thread where they can read through the original message as well as any attachments and replies.
Why are some of my message options disabled?
You may be unable to change certain message options because your administrator has locked them. If an option is greyed out you'll need to contact your email administrator for more information.
What does the "Protect Subject" setting do?
Sometimes there may be a message preview which shows the subject line in a notification. If your subject content is sensitive, you may want to switch this setting on to keep away prying eyes from seeing the notifications.
Can I customize my message options when sending from my normal email client?
Yes, you can set message options from any email client by adding some extra text to the subject line. Here's a list of the settings you can manage from with subject line commands.
- Export to Inbox: export: true/false
- Protect Subject: protectsubject: true/false
- Message Password: password: 1234
- Message Expiration: expires: February 7 2018
IMPORTANT: each option needs to be separated by a comma. Below is an example of what an encrypted email would look like if you wanted to manually control the options for a message from the subject line of your email client.
Example: [subject] export: false, protectsubject: true, password: 1234, expires: february 7, 2018
Signing in with no password is convenient, but is it safe?
Bracket is super easy to use, but we haven't sacrificed your privacy or security. Here's why you can rest assured that your data is also very safe. One thing that really makes Bracket intuitive is signing in doesn't require a password. You're probably thinking "What?... no password! How is that secure?" But think about it... if someone has access to your email on one of your devices your security is already compromised. This method of logging in is even more secure than the widely accepted practice of emailing yourself a password reset link for the following reasons:
- Expiring sign in links - Whether you're requesting a sign-in link or viewing a message from a notification, the email you receive contains a one-time-use button that securely signs you in and takes you directly to the message. If that button is clicked again, you'll be prompted to request a fresh sign-in link. After 15 minutes, an unused signin URL is invalidated and will no longer work.
- Device fingerprinting - We've added an extra layer of security called "device fingerprinting". If a sign-in link is clicked on a device which is different from the device used when requesting the sign-in link, the sign-in session will be invalid. To sign in to Bracket, you must use the same device you used when requesting the sign-in link. This way, your email link cannot be spoofed or intercepted in any way.
- Geolocation of sign in requests - Each sign-in request contains a geolocation signature which shows the approximate location from which the sign-in request originated. This is displayed in the footer of your sign in email as text and a map image.
How do I block an individual recipient from seeing an encrypted email?
The message creator can remove a recipient by clicking the X button next to their name in the “recipients” section at the bottom of each thread. Once a person is removed from the recipients list they will lose access to the conversation and will no longer receive notifications when a new reply is added.
How do I block all of my recipients from seeing an encrypted email?
To completely remove access for all recipients of a message and delete your message from existance, click or tap the “recall message” button in the top toolbar. This will effectively terminate all user access to the message (including your own) and delete the message from Bracket. There’s no way to restore a message once you’ve recalled it, so please be careful. If you’d like to keep the message available to yourself, a safer option would simply be to remove all individual recipients of your message by scrolling to the bottom and clicking the X button beside each recipient.
How long will my email be stored in Bracket?
Because most people don't want or need their sensitive data lingering around forever, Bracket only retains your messages for one year. But if you want to save it for longer than that, we've made it very simple to export your data to archiving solutions, or even securely download them to the inbox on your email client. If you'd need a message to expire more quickly, you can set the message expiration by clicking the message options icon in the top navigation and adjusting the expiration date (both when creating a new message or viewing a message you've already created). Just remember that expired messages are deleted and will no longer accessible to you or any of the other recipients for that message.
Can I get my encrypted email out of Bracket?
Yes you can, as long as the original creator of the email has allowed it. Exporting a message lets you deliver an entire message thread to your inbox via secure SMTP delivery. If exporting a message is allowed by the message creator there will be a download icon in the top toolbar. Simply tap or click this icon to export a message thread to your inbox. You can disable the Export to Inbox option for every message you send from the settings page, or you can revoke the export option from the message options for an individual message.
You’ll be prompted with a warning if the message contains attachments that are larger than what most mail servers would allow. The reason for this is that many email servers outside of Bracket have relatively small attachment size limits which would cause your message to not be delivered. If you get the warning message that your attachments are too large to export, you should export the message without attachments, then download the individual attachments you want from the message thread itself when logged into Bracket.
Can I see if someone has opened my email?
Yes. When viewing a message that you originally created, you can see when your recipients opened your message, downloaded an attachment, or took various other activities related to your message. As the message thread creator, you are the only person in the thread who sees this information.
Can I make Bracket even more secure?
If you really want to lock your Bracket access down we also have two advanced options which make your content so secure that our highest level engineers couldn't access your email... even if another entity tried to force us.
- You can enable Two Factor Authentication - Two factor authentication makes it so you'll be prompted to enter a unique code when signing in (in addition to the normal sign in process). This code will be sent to your mobile device via SMS. You can set up TFA from your settings page. When setting up TFA you will be required to enter your mobile phone number. Be sure you give this a mobile number that you have readily available access to. Once TFA is enabled, you'll sign in by requesting a sign-in link as usual, but you will then be prompted to enter a randomly generated, single use, six-digit code (which is automatically delivered via SMS to your mobile device).
- Enable a Personal Data Key - You can tell Bracket to generate a secure personal data key from the settings page. Your personal data key will be shown to you only during setup, at which time you will be responsible for recording your key and storing it in a safe place. Once enabled, this unique key will be required when you sign in. If you have enabled this security mechanism, it will be impossible to view your data without your personal data key. Please note that without this key our only way to restore your access to Bracket is to reset your account, which will wipe any previously existing messages. It's that secure.