Connecting to the Protected Trust SMTP Gateway

The Protected Trust Email Encryption SMTP Gateway is an easy way to send secure email from any application that can send email using SMTP, helping you meet HIPAA and other compliance regulations

Number of Sends* Price
0-300 301+
$0.00/message Contact us

*The number of message recipients. For example, a message sent to 3 email addresses counts as 3 sends.

How to: Connect to the SMTP Gateway

1. Configure a Required Registration message policy. Note: This is not required if you’re a developer and use the advanced XML syntax, documented below.

2. Create API access credentials to use as your SMTP username and password.

3. Use these SMTP server settings:
SMTP Server:,
Port:, 587 (or 25)
Encryption:, STARTTLS (or TLS)
Username:, Your API Access ID from step 2
Password:, Your API Access Key from step 2


The maximum message after being MIME-decoded is 50MB.

Advanced Usage Scenarios

.NET Example Code

// create a message
MailMessage message = new MailMessage();
message.From = new MailAddress("");

// Note: The subject of a protected message is NOT encrypted and should not contain sensitive information
message.Subject = "Appointment reminder";

// The message is encrypted
message.IsBodyHtml = false;
message.Body = "Hello Joe, This is a reminder that you have an appointment at 9:30 AM on Tuesday, April 3 with Dr. Smith.nn";

// append the optional XML fragment for recipient identity verification
message.Body += "\n\n<protectedtrust><registered>yes</registered><phone>1999-555-9999</phone></protectedtrust>";

// create an smtp client
using (SmtpClient smtpClient = new SmtpClient("", 587))
    // configure the client
    smtpClient.EnableSsl = true;

    // The access credential generated for your API account.
    string accessID = "X";
    string accessKey = "Y";
    smtpClient.Credentials = new NetworkCredential(accessID, accessKey);

    // send it

How to: Authorize an IP Address

If your sending application does not have the ability to authenticate with a username and password, you can authorize the IP Address you will be sending messages from. Authorized IP Addresses are associated with access credentials, so an access credential is still required if you are sending without a username and password.

In order to add an IP Address to an access credential, you must first contact Protected Trust support ( or 863-594-1141) to enable this feature. Once the feature is enabled, follow these steps:

To authorize an IP Address on an access credential:

  1. Log in at as an administrator
  2. Navigate to the User List page
  3. Click on the service user in the list (i.e.
  4. Click on the “API & SMTP Credentials” link
  5. Find the Access Credential in the list and click Edit
  6. Add your IP Address to the field, “Auto-Authorize these IP Addresses” and Save

How to: Control Message Security Settings with Advanced XML Syntax

To send a protected message with XML Message Settings, add a valid XML string to the body of your message before sending the message to Protected Trust. The Protected Trust SMTP Relay scans the email body for the Message Settings, parses out the data, and sends the message if no errors are found. The XML tags must be entered in a structured format in order for Protected Trust to recognize the data. See the Use Cases section for examples.

The available XML tags include:

Tag Description Parent Example
<protectedtrust> Wrapper for Message Settings Message body <protectedtrust><phone>8635941141</phone></protectedtrust>
<recipient> Wrapper for a recipient <protectedtrust> <protectedtrust><recipient><email></email><registered>Y</registered></recipient></protectedtrust>
<email> Recipient’s email address <recipient> see example for <recipient>
<registered> Determines if Registered Credentials authentication is used <protectedtrust> or <recipient> <protectedtrust><registered>Y</registered></protectedtrust>
<phone> Determines if Phone authentication is used <protectedtrust> or <recipient> <protectedtrust><phone>8635941141</phone></protectedtrust>
<sharedsecret> Determines if Shared Secret authentication is used. Must contain <question> and <answer> tags to be valid. <protectedtrust> or <recipient> <protectedtrust><sharedsecret><question>Question</question><answer>Answer</answer></sharedsecret></protectedtrust>
<question> Free Text question for use with Shared Secret authentication <sharedsecret> see example for <sharedsecret>
<answer> Free Text answer for use with Shared Secret authentication <sharedsecret> see example for <sharedsecret>
<noverification> Determines if No Verification authentication is used <protectedtrust> or <recipient> <protectedtrust><noverification>Y</noverification></protectedtrust>
<expire> Number of days until the message expires <protectedtrust> <protectedtrust><registered>y</registered><expire>30</expire></protectedtrust>
<receipt> Determines if sender will receive an email when recipients view the message <protectedtrust> <protectedtrust><registered>y</registered><receipt>Y</receipt></protectedtrust>

Protected Trust XML Rules

  1. The XML Message Settings must be wrapped in a <protectedtrust> tag
  2. The <recipient> tag is only required if there is more than one recipient on the email
  3. If an <email> tag is entered, it must match a recipient on the email
  4. At least one authentication method must be entered (<registered>, <phone>, <sharedsecret>, or <noverification>)
  5. The <expire> and <receipt> tags are only valid within the <protectedtrust> tag, they cannot be applied to an individual recipient

Use Cases

Case #1 – Single Recipient, Phone Verification

Sender would like to deliver a message to a single recipient. The sender only knows the recipient’s phone number and the sender would like to be notified when the recipient reads the message.



Case #2 – Single Recipient, Registered Credentials or Phone Verification

Sender would like to deliver a message to a single recipient. The sender does not know if the recipient is registered with Protected Trust but sender does know the recipient’s phone number.

If the recipient is registered, the sender would like the recipient to authenticate using Registered Credentials. If the recipient is not registered, the sender would like the user to authenticate with a phone number.



Case #3 – Multiple Recipients

Sender would like to deliver a message to 2 recipients. The sender uses the Shared Secret authentication method for the first recipient and the No Verification method for the second recipient. The sender would like the message to expire in 14 days and to be notified when the recipients read the message.

      <question>What is the secret code?</question>


Case #4 – SMTP Relay Compatible Message Policy Defined

The sender’s organization has a message policy defined that allows users to send protected messages to both registered and unregistered users without sender interaction. In this case, the XML fragment is not required because Protected Trust will determine the verification methods for the recipients based on the message policy.