ES2ES Beta

Ubiquitous end-to-end secure email

Getting started with ES2ES for Outlook

Supports DNSSEC ECDSA, ED25519, RSA end point validation!

Just download the program here and add as Outlook address book

sha256 hash = 5ca944ae02313313b6d9f4142bd57e01404254729d54c7df28ed829a9864a96d es2es.exe
Check at command prompt with "certutil -hashfile es2es.exe sha256" (also dnssec validated hash at "dig +dnssec txt")
Skip to "Adding ES2ES to Outlook" and use our public test server ( instead of your own server at to try things out. mac notes

Installing ES2ES

Just double click on it to kick it off in the background. It will create a logfile in the same directory should you wish to study its inner workings. Double click on the tray icon to terminate. Then follow the step below in Outlook:

Adding ES2ES to Outlook

FILE->Account Settings->Account Settings

Address Books->New


Server Name = if using es2es or if using public test server, Next


Finish or address book visible. Close and restart Outlook.

For the DNS/email hoster: Adding SMIME certificates to your DNSSEC secured DNS

  1. First generate a DNS record for the user's SMIME certificate by using a tool like this or sending a test email to
  2. Add/upload the result into your DNS+DNSSEC server
  3. Thats it

More about ES2ES

It basically is a miniature lightweight directory access protocol (LDAP) server that runs locally on your machine. Applications like Microsoft Outlook can directly query ES2ES for information that is otherwise unavailable and/or unsecured. Currently ES2ES is used to look-up SMIME certificates in the public DNS (secured with DNSSEC) for email. This removes one of the primary barriers to the widespread use of secured email, namely, certificate distribution. With ES2ES installed I can send encrypted email without a previous exchange of certificates to anyone who has published their certificate in the DNS using IETF RFC6698. Since ES2ES has its own Windows native multi-threaded I/O DNSSEC validator, the look-ups are fast and secured end-to-end from email source machine to destination machine. ES2ES translates the LDAP ASN.1 style requests into equivalent DNS look-ups and validates the responses using DNSSEC.


  • What standards does ES2ES support? ES2ES is based on IETF RFC6698 and RFC8162 and will track updates in these standards.
  • What other platforms will ES2ES run on? Currently only Windows 7-10 and 2012R2 server. We do have plans to support other platforms if there is more interest.
  • What will be the post beta price? We plan on pricing the supported version in the $50USD range for single units similar to other security middleware products on the market. Server and Site licenses would certainly afford a discount.
  • Will the public server support SSL? Currently it does not but there are plans to do so.
  • Is the source code available? Source code is available under license and a separate base produced under a secure development life cycle for large companies and governments is also available.

Contact Copyright © 2019 ZX Communications Incorporated Patented



Secure email / email encryption using DNSSEC, OPENPGPKEY, or S/MIME dane smime smimea dnssec windows outlook ecdsa ed25519