This document explains the Nightfall encryption process from a recipient's perspective. The recipient can learn how to work with emails that are encrypted with Nightfall.
The recipient experience varies for users who have the Nightfall DLP chrome extension installed and for those who have not installed it. Basically, recipients who have not installed the Nightfall DLP chrome extension can only view the contents of an encrypted email via a secure reader. This reader opens in a new tab. However, recipients who have the Nightfall DLP chrome extension installed, can view the contents on an encrypted email directly without any secure reader. The secured reader is required for these recipients only when viewing the contents of an email attachment on which persistent protection is enabled.
When the recipient opens an email that is encrypted by Nightfall, initially they can only view the content added under the introduction section. To view the actual content of the email, the recipients must click the Unlock Message button. Clicking this button decrypts the message for the recipient.
Once the recipient clicks the Unlock Message button, a new tab is opened. This is the Nightfall Secure Reader tab. The recipient is asked to complete login to their gmail again. Once the login process completes, Nightfall decrypts the contents of the email and displays the same in another tab.
Once the recipient completes the login process, the content of the email is decrypted and they can view it.
If the sender has enabled the Disable Forwarding, Set Expiration, and Persistent Protection options, the recipient can view the respective labels for these features at the top of the page as shown in the following image.
When an email expires and the recipient attempts to open it, they receive an email expired message as shown in the following image. The email label also changes to Expired
to indicate that the email is now expired.
Once the email expires, the sender can choose to extend the expiration of the email. In this case, the recipient can view the email again until the next expiration date. The sender can also choose to disable the expiration feature totally. In this case, the recipient always has the access to the email, unless the sender enables the expiration feature again and sets an expiry date.
When the recipient views an encrypted email on which forwarding is disabled, they can see the Forwarding Disabled label.
Recipients can reply to the email on which forwarding is disabled. If the email was sent to multiple recipients, any recipient can choose to reply all. However, when using the reply all (or even reply option) option, recipients cannot add any new recipients or remove any of the existing recipients.
While replying to emails, recipients can use the Set Expiration and Disable Forwarding options. These options are available only when the reply is sent through the secure reader.
The Forward option is available even on emails sent with Disable Forwarding enabled. However, if a recipient attempts to forward such an email, the email is forwarded but the new recipient cannot view the contents of the email. They get an Access Denied message.
If the sender has enabled Persistent protection, recipients cannot download attachments, copy attachments, or forward emails that have an attachment. Recipients can only view the contents of the attachment in the secure reader.
To view the attachments of an email on which Persistent Protection is enabled, recipients must click the view icon on the attachment.
When the recipient opens an email, they can directly view the contents of the email. They need not go to a secure reader to view the email contents, since Nightfall DLP extension is installed. A secure reader is needed only to view the contents of an email.
This section describes the recipient experience when encryption options are enabled by the sender.
When an email has been sent with an expiry date, the email displays the expiry date and time on top of the email.
When an email expires and the recipient attempts to open it, they receive an email expired message as shown in the following image.
Once the email expires, the sender can choose to extend the expiration of the email. In this case, the recipient can view the email again until the next expiration date. The sender can also choose to disable the expiration feature totally. In this case, the recipient always has the access to the email, unless the sender enables the expiration feature again and sets an expiry date.
When the recipient views an encrypted email on which forwarding is disabled, they can see that the Forward option is not available in the email options.
If the sender has enabled Persistent protection, recipients cannot download attachments, copy attachments, or forward emails that have an attachment. Recipients can only view the contents of the attachment in the secure reader.
To view the attachments of an email on which Persistent Protection is enabled, recipients must click the view icon on the attachment.
If the sender has included an Introduction section, recipients can see the contents of the Introduction section and the contents of the actual email as shown in the following image.