Encrypted form submissions
If you're submitting private information, such as your credit card number, you want to be sure that no eavesdropper can see that information.
FormMailEncoder works with FormMail, and your browser's HTTPS connection, to ensure that your private information can only be viewed by the intended recipient.
What is FormMailEncoder/FormMailDecoder?
FormMailEncoder uses Strong Cryptography to ensure the data you submit on a form is encrypted all the way to its destination.
FormMailDecoder is used by the recipient on their private Windows PC to view the information you submitted. Only personnel who know a secret password can access the information encrypted by FormMailEncoder.
If you've come to this page because you're using a website form that uses FormMailEncoder, we've provided information below that explains how your data is secured.
Is your form submission secure?
FormMailEncoder does not take the place of HTTPS. Rather, it works with a secure connection from your browser to ensure that your information is secure all the way to its destination.
Look for a URL that begins with "https". Your browser may also show a lock icon in the status bar. This protects your information from your browser to the server. But no further.
If the form you're filling in also uses FormMailEncoder, then your information is protected from your browser all the way to the intended recipient.
How secure is FormMailEncoder?
We've implemented state-of-the-art encryption technology that has been adopted by the US Government as a standard for cryptographic applications.
FormMailEncoder uses the AES algorithm with a 128-bit key. The key is randomly generated for each message (i.e. each form submission). It protects this key using the RSA Public Key algorithm with a 2304-bit modulus.
At current estimates, it would take a huge network of the fastest computers well over 50 years to guess a message key and decrypt the message.
Form submissions without FormMailEncoder are insecure
Usually, form submissions containing your private information travel across the World Wide Web to a server and then travel to the intended recipient via email.
Throughout its journey, your private information is in clear text and is viewable by any eavesdropper!
A form that uses HTTPS protocol only partially protects your information.
Even with HTTPS, form submissions are not secure
A form that only uses an HTTPS connection (using TLS/SSL) protects your information while it travels from your browser to the server. Your information is kept private while on its journey to the server.
But, an email from the server to the intended recipient is still visible!
Worse still, the email may be stored on the server for some hours or days before it is collected. While it is stored, your private information is viewable by people who have access to that server.
FormMailEncoder with HTTPS provides excellent security
In addition to using the HTTPS connection, advanced forms use FormMailEncoder to ensure that your private information is secured once it arrives at the server and through the rest of its journey to the intended recipient.
Only the intended recipient, with their unique secret password, can access your private information.
FormMailEncoder for your website
If you have a website and you want to secure your customers' form submissions, we've provided more information including some demonstration movies.
You can also read our HOW TO guide.