Permissions required to run SecureMailMerge

When you first start using SecureMailMerge you will be asked to give SecureMailMerge certain Microsoft 365 permissions in order to create a mail merge on your behalf. On this page we will go through each permission and why it is needed.

Basic information about mail merge processing

It's important to note that SecureMailMerge works completely on your computer. The permissions you grant to SecureMailMerge are only used on your computer and never transferred to any server for processing.

The only server we operate for SecureMailMerge is the one that checks whether you have purchased a commercial license. See the firewall section below if you want to enforce this.

Microsoft 365 permissions


At first glance the permissions requested make up a long list. But we consider it better practice to request granular permissions just for the features we offer rather than broad permissions that essentially give full access to a Microsoft 365 user's account.

We will list each permission and what we need it for:

  • Sign you in and read your profile: This lets the plugin ask you to log in and obtain your email address, which we use to check whether you have a valid license and also display to you, so that you don't send a mail merge campaign from the wrong mailbox.
  • Read your contacts: With the plugin you can send a mail merge campaign to contacts in your personal address book.
  • Read your and shared contacts: The plugin also lets you create mail merge campaigns from contacts in a shared mailbox.
  • Read calendars you can access: The plugin lets you filter your contacts by the assigned Outlook categories. Unfortunately a quirk in the Microsoft permissions architecture requires us to request calendar access in order to read these categories in shared mailboxes. This approach was verified and recommended by a Microsoft support engineer.
  • Send mail as you: The plugin will create the mail merge as a set of mail messages in your mailbox and then needs to send them.
  • Read and write access to your email: In order to support our attachment features the plugin must be able to create draft messages in your mailbox while it uploads the attachments. These drafts are then sent using the previous permission.
  • Read your mailbox settings: In order to comply with any limits on your mailbox, the plugin reads your mailbox settings to ensure it doesn't do anything prohibited by your organisation's IT or by Microsoft 365 in general. This permission is also used to read the Outlook categories for the logged-in mailbox. (For shared mailboxes see above.)
  • Maintain access to data you have given it access to: Microsoft permissions are separated into access and refresh tokens. The access token is the first token you get and requires you to log in. The refresh token then lets the plugin tell Microsoft it is still working on your behalf (i.e. preparing or sending a mail merge) and obtain a new access token, giving the plugin continued access. This permission lets us get a refresh token without asking you to log in again every couple of minutes while you are sending a mail merge campaign. Despite what the permission's wording suggests, the token never leaves your Outlook instance; as soon as you close the plugin or Outlook you will be asked to log in again, and no operations can occur while the plugin is not loaded.
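As an added example (not SecureMailMerge's own code): the consent-prompt wording above corresponds, by my reading, to the Microsoft Graph delegated scopes listed in EXPECTED_SCOPES below; that mapping is an assumption, since this page gives only the prompt text and not the scope names. An administrator who has captured a token the add-in uses (for example from a sign-in trace) can decode its space-separated `scp` claim and compare it with that least-privilege set, flagging anything broader. The token in the block is constructed and unsigned, and the decoder deliberately does not verify signatures: it inspects what a token grants, it does not decide whether to trust it.

```python
import base64
import json

# Microsoft Graph delegated scopes that, to my reading, match the permissions
# listed on this page. ASSUMPTION: the page only shows consent-prompt wording,
# so the exact scope names the add-in requests may differ.
EXPECTED_SCOPES = {
    "User.Read",              # Sign you in and read your profile
    "Contacts.Read",          # Read your contacts
    "Contacts.Read.Shared",   # Read your and shared contacts
    "Calendars.Read.Shared",  # Read calendars you can access
    "Mail.Send",              # Send mail as you
    "Mail.ReadWrite",         # Read and write access to your email
    "MailboxSettings.Read",   # Read your mailbox settings
    "offline_access",         # Maintain access to data you have given it access to
}


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the '=' padding JWTs strip."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def decode_jwt_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT WITHOUT verifying the signature.

    Only use this to inspect what a token grants; never to authenticate anything.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def audit_scopes(scp_claim: str, expected=EXPECTED_SCOPES) -> dict:
    """Compare a space-separated scp claim with the expected least-privilege set.

    'unexpected' scopes are the ones worth a second look: anything granted that
    the documented feature list does not need.
    """
    granted = set(scp_claim.split())
    return {
        "granted": sorted(granted),
        "missing": sorted(expected - granted),
        "unexpected": sorted(granted - expected),
    }


def make_unsigned_token(claims: dict) -> str:
    """Build a constructed, unsigned (alg 'none') JWT purely for demonstration."""
    def enc(obj) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).decode().rstrip("=")
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."


if __name__ == "__main__":
    # Constructed sample: the expected set plus one broader scope that the
    # documented features do not call for.
    token = make_unsigned_token({
        "aud": "https://graph.microsoft.com",
        "scp": "User.Read Contacts.Read Contacts.Read.Shared Calendars.Read.Shared "
               "Mail.Send Mail.ReadWrite MailboxSettings.Read offline_access "
               "Mail.ReadWrite.Shared",
    })
    report = audit_scopes(decode_jwt_claims(token)["scp"])
    print(json.dumps(report, indent=2))
```

The audit treats the expected set as the baseline rather than maintaining a list of "dangerous" scopes: in an add-in that is meant to request only granular permissions, any scope outside the documented set is the finding, regardless of how harmless it looks.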

If any of this is not clear enough, please contact us at [email protected] and we will do our best to improve this documentation.

Required firewall permissions

Microsoft 365 plugins are essentially single-page web applications which are loaded from our webserver at https://www.securemailmerge.com. Only HTTP GET requests are required to fetch the plugin, with one exception:

The plugin verifies whether the user has a valid license by sending an HTTP POST request to the API endpoint at https://www.securemailmerge.com/api/license.

Therefore the plugin requires only HTTP GET and POST access on port 443 (HTTPS over TLS) to our server cluster at www.securemailmerge.com.

Note: our infrastructure is hosted in Microsoft's European Azure datacenters.

Data transfer to our server (i.e. your email address)

The plugin checks for a license whenever you have authenticated with Microsoft 365. This happens at three points:

  • When you send a test email
  • When you send a mail merge campaign
  • When you load your address book

The primary email address of the mailbox you are logged in as is sent to our licensing server (but never any campaign data or the emails you generate mail merges for). The email address is matched against a list of valid licenses on our licensing server. If there is no match, the email address is not stored.

  • For users of the free version the email address is never stored.
  • For users of our commercial license the email address is stored for the duration of your license.
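The firewall section and the data-transfer section together describe exactly what outbound traffic the plugin should produce: HTTPS on port 443 to www.securemailmerge.com only, GET requests for the plugin itself, and a single POST to /api/license that carries nothing but the mailbox's email address. The following added example (my code, not SecureMailMerge's) turns that description into a check that can be run over egress-proxy records, so an administrator can confirm the observed traffic matches the documentation. The log lines are constructed for the example, the JSON record layout is an assumed proxy format, and the asset paths other than /api/license are invented placeholders.

```python
import json
from urllib.parse import urlsplit

# Documented traffic profile (from the firewall and data-transfer sections).
ALLOWED_HOST = "www.securemailmerge.com"
LICENSE_PATH = "/api/license"
LICENSE_FIELDS = {"email"}  # the page says only the mailbox address is sent


def check_request(method, url, body_fields=()):
    """Decide whether one outbound request fits the documented profile.

    Returns (allowed, reason). body_fields is the set of top-level field names
    seen in a POST body, which is enough to spot campaign data leaving alongside
    the license check without logging the values themselves.
    """
    parts = urlsplit(url)
    try:
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "malformed port in URL"
    if parts.scheme != "https" or port not in (None, 443):
        return False, "not HTTPS on port 443"
    if parts.hostname != ALLOWED_HOST:
        return False, f"unexpected host {parts.hostname!r}"
    if method == "GET":
        return True, "plugin asset fetch"
    if method == "POST" and parts.path == LICENSE_PATH:
        extra = set(body_fields) - LICENSE_FIELDS
        if extra:
            return False, f"license check carries unexpected fields {sorted(extra)}"
        return True, "license check (email only)"
    return False, f"{method} {parts.path} is not part of the documented traffic"


def audit_log(lines):
    """Run check_request over JSON-lines proxy records; return the deviations."""
    findings = []
    for line in lines:
        rec = json.loads(line)
        ok, reason = check_request(rec["method"], rec["url"], rec.get("body_fields", ()))
        if not ok:
            findings.append((rec["method"], rec["url"], reason))
    return findings


# Constructed sample records in an assumed proxy format (one JSON object per line).
SAMPLE_LOG = [
    '{"method": "GET", "url": "https://www.securemailmerge.com/index.html"}',
    '{"method": "POST", "url": "https://www.securemailmerge.com/api/license", "body_fields": ["email"]}',
    '{"method": "POST", "url": "https://www.securemailmerge.com/api/license", "body_fields": ["email", "recipients"]}',
    '{"method": "GET", "url": "http://www.securemailmerge.com/index.html"}',
    '{"method": "POST", "url": "https://www.securemailmerge.com/api/telemetry", "body_fields": ["email"]}',
    '{"method": "GET", "url": "https://cdn.example.invalid/plugin.js"}',
]


if __name__ == "__main__":
    for method, url, reason in audit_log(SAMPLE_LOG):
        print(f"DEVIATION {method} {url}: {reason}")
```

Two design choices are worth noting. The check allow-lists by hostname rather than by IP address, because the page gives a hostname and Azure-hosted addresses are not promised to stay fixed. And the license POST is judged on which body fields are present, not their values: that is enough to catch campaign data riding along with the email address while keeping the audit itself from logging personal data.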