SendSafely at the NYC Cyber Security Summit

We are excited to be sponsoring the NYC Cyber Security Summit this Thursday (9/18) in Midtown Manhattan. Make sure to stop by and say hello to us at Booth# 151. While you’re there, drop your business card for a chance to win a free Kindle!

Make sure to also ask for a preview of our new SendSafely Chrome Extension, with Google Mail integration. It’s never been easier to share files securely with SendSafely. We hope to see you there! 

Announcing BYOB (Bring Your Own Bucket)

Starting today, all SendSafely Enterprise customers have the option of going BYOB, short for Bring Your Own Bucket (probably not what you were thinking). With BYOB, all encrypted files and messages are stored in an Amazon S3 bucket that you own and manage instead of using our S3 storage facilities. This means is that you have full access to your data files store at all times, and can even control the policy we use to delete items. Want to keep deleted items forever? No problem! With BYOB, you call the shots.  

If you are an Enterprise Admin and are interested in going BYOB, contact to enroll. Once enrolled, you will need to configure an API Key and API Secret that has read and write permissions to your S3 bucket. We will even walk you through the process of getting that set up and configured if you haven’t done it before.  

Come say “Hi” at AppSec EU!

We are sharing a booth with our sister company, Gotham Digital Science, at this year’s AppSec EU conference in Cambridge. Come by Booth #3 this Wednesday and Thursday (6/25-6/26) to see a demo of our platform and request a free enterprise trial.

Don’t forget to also have us stamp your Vendor Passport for a chance to win a £200 Amazon gift voucher. We hope to see you there!

A New Way to Request Items with SendSafely

Today we are unveiling a new way to let others send you items with SendSafely. Until now, if you wanted to receive a file or message from someone else you needed to specifically request it using our “Request Items” feature (or make them reply to a message you send them). Users that frequently need to receive files from a variety of people have been asking for a way to cut out this initial step.  Starting today, every SendSafely user has their own public URL that anyone can use to send them stuff.

  • Your personal URL is largely based on your email address, so if your email address is you would use a URL like the following one: https://www.‌
  • For Enterprise Users, the URL is even shorter and based on just the local portion of your email address.  So if your email is you will use something like: https://<companyname>
  • Organizations that use SendSafely can also publish a generic URL that allows people to send files to anyone in the organization, provided the recipient is registered with SendSafely and has not disabled this feature.  The generic URL would look something like: https://<companyname> 

To help prevent spam and defend against spoofing, SendSafely will always verify the sender’s email address before allowing them to send you files.

Power Users:  Consider including a personal URL in your email footer along with your contact information so people can easily send you files using SendSafely.

Not sure what your personal URL is?  Browse to the Edit Profile screen after logging in to see your personal URL.  You can also disable this feature from the Edit Profile screen by un-checking the box that controls this feature (located directly underneath your first and last name). Enterprise Admins that want to disable this feature for their entire organization can do so from the Enterprise Console.  Note that this feature requires you to have the capability to request items from others, so Free and Basic users are not currently eligible.  

We hope you enjoy this new feature and look forward to hearing your feedback! 

BrightTalk Webinar: Secure Cloud Based File Exchange

Be sure to check out the SendSafely / BrightTALK Webinar we conducted yesterday about Secure Cloud Based File Exchange.  During the half-hour webinar, Brian Holyfield (SendSafely Team Lead) will cover:

  • Confidentiality risks associated with cloud-based file exchange
  • How encryption can, but sometimes doesn’t, help mitigate confidentiality threats
  • Limitations of server-side encryption offered by most file exchange providers
  • How SendSafely can bridge the gap between traditional file exchange and the more cumbersome Bring Your Own Encryption (BYOE) model.  

We were very pleased with the positive feedback we received and look forward to doing more join webcasts with BrightTALK. The webinar is available for viewing free of charge at  

Summer Developer Internship

Are you a software engineering student interested in security and privacy? Are you passionate about writing secure code and working with cutting edge technologies? Do you have a strong interest in web application development? If you answered YES to any, or better yet ALL, of these questions then we’d love to hear from you!  This year we are offering a combined internship with our sister company, Gotham Digital Science (GDS).  

Why do your Internship with us?

Every day, GDS and SendSafely help our customers secure their information, business applications, and networks. In order to do this, we rely on proprietary software that we write in-house.  

What you will learn:

  • Secure development and software architecture principals
  • Hands on experience writing custom C#, Java and JavaScript code
  • Experience designing web applications using modern frameworks
  • The mindset required for breaking and securely building software applications
  • Working knowledge in cryptography

Our ideal candidate is someone that is enthusiastic about security, passionate about using software technology to solve problems, and eager learn how to interface with new technologies. You should also have good familiarity with the following technologies:

  • C# and/or Java
  • JavaScript
  • ASP.NET and/or J2EE

This sounds awesome! How do I sign up?

If this sounds like the perfect opportunity to you then contact us today! We work in a fun and casual environment, based in New York City’s Financial District. Interested applicants should send a resume to Please include the text “Developer Internship” and your first and last name in the subject line of the email.

NOTE: If you submit an internship application through the GDS Security website ( you do not need to re-submit to SendSafely.  All summer internship applications for both companies will be routed to the same team.  

Perfect Forward Secrecy and more…

Last month we started rolling out some subtle changes to SendSafely that many users may not have noticed. For starters, we are now taking advantage of some new SSL features that Amazon announced back in February for the Elastic Load Balancer technology that we use for handling end-user SSL connections. Our front-end load balancers now support Perfect Forward Secrecy on all SSL/TLS connections. Perfect Forward Secrecy provides additional safeguards against the eavesdropping of encrypted data, through the use of a unique random session key. This prevents the decoding of captured data, even if the secret long-term key is compromised.  With the addition of PFS we earned an A+ from SSL Labs, the highest possible rating.

Today’s scramble to patch the OpenSSL “Heartbleed” Vulnerability underscores the grim reality that security technologies themselves are not immune from being vulnerable. Those of you familiar with how SendSafely works under the hood know that we take a layered approach to security. We assume from the start that one of the layers can, and will, fail at some point. SSL is far from the only layers that we implement to keep your data private.   

In addition to enhancing our SSL configuration, we also rolled out changes to our client-side APIs that improve performance when handling large files. Our APIs now segment large files and PGP encrypt each segment individually, reducing the overall amount of disk space and RAM needed to perform file encryption and decryption. The biggest benefit of this change is that browser-based users no longer need to use our signed Java Applet when uploading or downloading large files (provided that your browser supports HTML5).

Over the last 12 months, Oracle made a number of significant changes to how the Java Runtime enforces security with Java Applets. While these changes were well intentioned, they were very poorly executed and significantly degrade the user experience due to the large number of confusing (and constantly changing) visual security warnings and prompts. We also found that some of the new changes make backwards compatibility nearly impossible. We are very excited that going forward only users with older web browsers (specifically Internet Explorer 8 or 9) will need Java to use SendSafely.

SendSafely Integration for Microsoft Outlook

As of this week, our SendSafely for Outlook Add-In has exited Beta and is now available to all Enterprise and Pro users. We’d like to thank everyone who participated in the Beta evaluation to help make it a success.  If you were a beta user, your add-in will continue to receive updates and run the same version as all other users.  

With the add-in for Outlook, SendSafely is integrated directly into your desktop email software, making it easier than ever to send encrypted files.  Once the add-in is installed, sending an encrypted file is as easy as adding a traditional attachment to your email message. 


The SendSafely “Add Encrypted Attachment” button works in much the same way as the traditional “Attach File” button.  Files are attached with a “.SendSafely” extension, but when you press “Send” our add-in recognizes these files and automatically encrypts and uploads them to SendSafely.  A link to SendSafely is also inserted into the body of your email message that your recipients can use to access the files.  The actual file attachments are removed from the email message before it is sent. 

SendSafely for Outlook also lets you configure SMS verification for your recipients.   Every recipient on the email message is automatically added as a recipient for the encrypted files.  After you press “Send”, the add-in will prompt you with the option to enable SMS verification for each recipient on your email message.


When sending large files, our add-in let’s you continue your work while the files get uploaded to our system in the background.  Your email message is automatically sent as soon as all of the files have been successfully uploaded. 


The Outlook add-in is just one example of how SendSafely can be integrated with virtually any system or application.  Under the hood, the add-in uses our SendSafely Windows Client API to bridge the gap between Outlook and the SendSafely Platform.  Expect to see more about our API over the next few months, as we plan on expanding coverage to other platforms and integrate into other programs that our customers use frequently (like Chrome Browser).

Encrypted Messaging now Available to All Users

Over the last month we’ve been working hard to roll out Encrypted Messaging as a new feature to some of our Enterprise customers. Today we are happy to announce that this feature is available to all SendSafely users, including users on our Free Tier. With Encrypted Messaging, you now have the option of typing a message in addition to sending secure files through SendSafely.  You will have the option of sending a message securely, sending a file securely, or using a secure message in conjunction with a secure file transfer.  

The “Add Files” region of the Send page is now titled “Add Items”, and allows you to add an encrypted file, a secure message, or both. We also reintroduced the beloved Drag-and-Drop support for adding files, something that numerous users asked us to bring back after we removed it a while ago.  


Click on this region and start typing, or press “Add Message” to reveal the secure message dialog. Users that are replying to a secure file request will also have the option to add a message, and can reply to messages you send to them. 


As soon as you are done typing, your message will be encrypted using OpenPGP the same way we encrypt files you send with SendSafely. You’ll know the message has been encrypted when it becomes blurred and the padlock icon changes to closed. This happens automatically once you click outside of the message dialog (older versions of IE may not blur the message due to limited CSS3 support).  


Recipient access to secure messages is logged the same way that we log access to file transfers. You see the recipient, the IP address and the timestamp of each session they access the message from.  

We continue to be amazed at the interesting use cases that our customers are using Encrypted Messaging for. We received some feedback from one of our users, informing us about how he used this feature to implement a “break glass” procedure.  

"I needed to leave the office early yesterday, so I used SendSafely to send my colleague a message with a temporary ‘break glass’ code to use in the event that there is a sufficiently important reason for someone to get into our server room while I was out.  I set the message to expire in one day, and since all access to the message is logged, I know I’ll be notified if my colleague retrieves the code.  Simply brilliant."

We share this user’s excitement, and hope all of our users like this new feature as much as we do. As always, please continue to share your feedback with us…we love hearing from our users!  

SendSafely Featured on Twilio Blog

Our friends at Twilio have written up an article on their blog about how we use their API to provide strong authentication for our users.  If you haven’t read it already, you should check it out!  

We offer SMS verification to all users when sending packages to people in virtually any region of the world.  SMS verification makes it easy to ensure that only the right people can pick up the files you send them.  This feature is just one of many robust security features that we offer, and another reason that more and more enterprises are choosing SendSafely as their data exchange platform. 

Get started in 60 seconds.
Sign Up Today!