Server-side security

At Scribe, we understand that email is a critical communication channel, and we treat it with the level of security and privacy it deserves. Our server-side signature insertion feature has been designed to meet enterprise-grade security standards while ensuring seamless integration with your existing email flow.

Scribe is SOC 2 Type II compliant.


🔒 How it works — securely

When server-side insertion is enabled, your users’ outgoing emails are temporarily routed through Scribe’s secure mail relay. Here’s what happens:

  1. The email is received by Scribe’s server over a secure, encrypted connection (TLS).

  2. We inspect only the necessary parts of the message to determine whether a signature needs to be applied.

  3. Immediately after the signature block is added, Scribe applies your DKIM signature using your private key.

  4. The modified email is then returned to Google for final delivery, preserving native deliverability and user trust.


✅ No data is stored

  • No message content is persisted: Emails are processed entirely in RAM and are never stored on disk.

  • No third-party sharing: Emails are never sent to any system outside of Scribe’s own secure infrastructure.

  • No access to inboxes: We only process outgoing messages; your users’ inboxes and message histories are untouched.

Last updated