Objectif Lune joins Upland Software.Learn more >

Back to all How-tos

Secure Email Input/Output

Original Author: Philippe Fontan

Over the past few years, one of – if not the – most requested improvement to Workflow has been a way to capture and send email messages from/through online servers like Office365 and Gmail. The common characteristic of those servers is that they usually require some form of encryption, which Workflow’s standard email tasks were unable to provide. With version 2019.1, this is no longer an issue.

Outside help

Our R&D departments are always working hard on a number of improvements and fixes, and the Product Management Group juggles priorities in order to deliver the most critical of them in a timely fashion. With literally hundreds of items in the backlog, some features never quite rise to the surface even though we all know they would benefit our customers, partners and PSO staff.

Fortunately, Workflow provides two SDKs that allow brave souls outside of R&D to design their own plugins in order to implement functionality they feel is missing from the main product. Amongst the several plugins that have been developed outside of R&D over the years, two in particular stood out as they fulfilled a long standing need in Workflow: being able to send/capture email messages using IMAP and an encryption protocol, which thereby allows users to access mail boxes on online servers like Office365 and GMail.

R&D borrowed these plugins (with the original author’s blessing, naturally!) and after tweaking them slightly to meet internal development guidelines, added them to the standard distribution of Workflow.

Capturing emails

A new input task named Secure Email Input is now available in Workflow’s Input tasks. Its interface is somewhat similar to that of the standard Email Input task, but its behaviour is different so it’s not possible to swap the old task with the new one without making changes to the process. Let’s first look at the options.


The General tab lists all the conditions that can be examined to determine which messages to capture from the server. All entries can include dynamic values. All conditions specified must be met for a message to be captured. Note that it is not possible to specify multiple values in any one field (i.e. you cannot capture emails sent by either MrSmith or MrJones but you could capture all emails from @example.com).

secure email 1

The Login tab is where you specify how to access the server. The default port, protocol and encryption method (993, IMAP and TLS V1.2) have been tested to work properly with both Office365 and GMail servers. They are very likely to work with any other online Mail server as well.

The usual server name for an Office365 server is outlook.office365.com while the usual server name for GMail is imap.gmail.com. Note that these values may be different for some implementations or may change in the future. So really, all that’s left for you to specify is the account name and password required to access that account’s mail boxes.

Note! By default, GMail may not allow Workflow to access the account’s mail boxes unless that account specifically allows automated systems to access the inbox. Please refer to GMail documentation to learn how to do that (https://support.google.com/accounts/answer/6010255?hl=en).

For IMAP servers, you can specify which mail box you want to monitor, which is useful if the email account has defined rules to automatically store certain incoming messages in a specific mail box.

Note also the option to use temporary names for attachments: the Secure Email Input task downloads all attachments at once and stores them in a temporary work folder. Therefore, if two attachments have the same name (which is allowed in an email message), they will overwrite themselves in the temporary folder. Even when using temporary names, however, you are still able to access the original attachment names when processing them.


When the task runs and identifies one or several messages to retrieve from the server, it downloads the first message in the list in its entirety, including its attachments. This is in stark contrast with the standard Email Input task, which processes the email body and each of its attachments separately. For each email captured, the new task generates an XML file containing all the information required for the rest of the process to access the body and the attachments. Here is an sample XML file:

<?xml version="1.0" encoding="windows-1252"?>
<FromName>John Smith</FromName>
<Subject>A very important message</Subject>
<DateTime>2019/03/20 08:21:15</DateTime>
<To>Ze Boss &lt;ZeBoss@example.com&gt;</To>
<Folder>C:\ProgramData\Objectif Lune\PlanetPress Workflow 8\PlanetPress Watch\Debug
<Folder>C:\ProgramData\Objectif Lune\PlanetPress Workflow 8\PlanetPress Watch\Debug

The Workflow process must therefore make sure to process all files (body and attachments) because at the end of the process, all the files are deleted from the temporary work folder in order to make room for the next email message in the list.

Sending emails

A new output task named Secure Email Output is now available in Workflow’s Output tasks. This task is very similar to the standard Email Output, in that it allows you to specify the standard options (TO, CC, BCC, Subject) using dynamic values, and to include a body that can be either text-based or HTML-based (by enclosing the entire body in a <html><body> ... </body></html> ... construct). You can also add as many attachments as desired, including the current job file. However, the new task does not allow you to zip files on-the-fly.

The main differences between the two email tasks are found in the Login tab:

secure email 2

The same login information that was previously described for the Secure Email Input task can also be specified here. Refer to that section for more information

Note how the new task allows you to specify a Priority and a Sensitivity value for the email.


A note about SSL/TLS

While it is customary to use the acronym SSL when discussing secure protocols, the actual SSL protocol is obsolete and was deprecated years ago, when it was replaced with TLS (which is what HTTPS and all modern email servers use). But old habits die hard and many people continue to refer to SSL when they actually mean TLS, and some still believe SSL is the most current encryption technology. Well… it just isn’t. For more information on this topic, take a look at this page: https://www.hostingadvice.com/how-to/tls-vs-ssl/



The new Secure Email tasks make it much easier to access just about any mail box on any mail server, while keeping communications secure. As email input and output have always been very popular options in Workflow, these improvements are sure to make a lot of people very happy and to simplify processes that required secure protocols for accessing mailboxes.

Note that other external plugins are actively being considered for inclusion in the next Connect releases. Feel free to comment on those you would like to see added to the main product next!

Leave a Reply

Your email address will not be published. Required fields are marked *