Cross organizational end-to-end Outlook email security. ES2ES plug-in provides DNSSEC validated s/mime smime certificate distribution to end users. Supports rsa ecdsa ed25519. iy3xk ftc9ky


Ubiquitous end-to-end secure email

Getting started with ES2ES for Outlook

Supports DNSSEC ECDSA, ED25519, RSA end point validation!

Just download the program here and add as Outlook address book

sha256 hashes: 19e5ebd6af50b1996e2a69f5ff24a3f197ced58447d89a294c1bb15e4103911d=setup.exe, a6a6f280102de79fbc430cfdb0aaabe53b0c1677b12157db3a18898ff8839217=setup.msi (On Windows check with "certutil -hashfile setup.exe sha256")
Skip to "Configuring Outlook to use ES2ES" and use our public test server* ( instead of your own server at to try things out. MAC notes or Android notes.
Create a test S/MIME+DNSSEC email account here to try it out.

Installing ES2ES

ES2ES is now a Windows Service. So after installation it automatically runs at startup. Just configure Outlook as follows.

Configuring Outlook to use ES2ES

FILE->Account Settings->Account Settings

Address Books->New


Server Name = if using es2es or if using public test server, Next


Finish or address book visible. Close and restart Outlook.

For the DNS/email hoster: Adding S/MIME certificates to your DNSSEC secured DNS

  1. First generate a DNS record for the user's S/MIME certificate (and any intermiediate certs if not popular) by using a tool like this or sending a test email to
  2. Add/upload the result into your DNS+DNSSEC server
  3. Thats it

More about ES2ES

It basically is a miniature lightweight directory access protocol (LDAP) server that runs locally on your machine. Applications like Microsoft Outlook can directly query ES2ES for information that is otherwise unavailable and/or unsecured. Currently ES2ES is used to look-up S/MIME certificates in the public DNS (secured with DNSSEC) for email. This removes one of the primary barriers to the widespread use of secured email, namely, certificate distribution. With ES2ES installed I can send encrypted email without a previous exchange of certificates to anyone who has published their certificate in the DNS using IETF RFC6698. Since ES2ES has its own Windows native multi-threaded I/O DNSSEC validator, the look-ups are fast and secured end-to-end from email source machine to destination machine. ES2ES translates the LDAP ASN.1 style requests into equivalent DNS look-ups and validates the responses using DNSSEC.


  • What standards does ES2ES support? ES2ES is based on IETF RFC6698 and RFC8162 and will track updates in these standards.
  • What other platforms will ES2ES run on? Currently Windows 7-10 and 2012R2 server. We do have plans to support other platforms if there is more interest.
  • What will be the post beta price? We plan on pricing the supported version in the $50USD range for single units similar to other security middleware products on the market. Server and Site licenses would certainly afford a discount.
  • Will the public server support SSL? YES! Port LDAPS/636
  • Is the source code available? Source code is available under license.
  • We do also have a multi-threaded Linux version for the enterprise.
  • *Public Server notes: Windows normally downloads any missing intermediate CA certificates by following the AIA fields up to a valid root. Hence, only a valid end point certificate is needed. Outlook, however, does NOT do this for LDAP certificates. So make sure you have a reasonably up to date certificate store. This is not a problem for native ES2ES service which follows Windows convention and downloads and validates intermediate certificates as needed in the background.

Contact Copyright © 2019-2020 ZX Communications Incorporated Patented