Email

Is Merlin an email client?

Yes, Merlin is a full-featured email client. It provides complete support for multiple accounts on public, private and corporate email systems. Merlin supports POP3, IMAP and encrypted MerlinMail. Merlin also offers important features not found in most email clients, including secure thumbnails of all attachments (see at a glance everything someone has sent, or that you are preparing to send), and cross-referencing by topic to all the other types of information Merlin manages. This eliminates the need to manually file email by a single topic or sender – In Merlin every email is automatically filed under every person addressed and every topic discussed.

With most email clients, if you keep an important email, you are faced with the uncomfortable problem of where to file it. That's not difficult if it's from just one person and discusses only one subject, but where do you file it if it's addressed to four people, all of whom are relevant to the topic at hand, and discusses several subjects? Most email clients allow you to file a note in only one place, in just one folder.

We think that's absurd. So instead, in Merlin you can simply click on 'AutoFile' and it will be moved from your inbox to the archive, and links to it will be created under every person addressed by the note and every topic discussed in it. This works for all email protocols (POP3, IMAP and secure M2M) and for all email accounts, whether public, private or corporate.

Merlin also offers many other useful email features, including delayed send (allows you to cancel an email before it's actually transmitted), multiple or grouped email replies (reply to a cluster of emails with a single note), multiple simultaneous previews, and much more. Most important of all, Merlin offers automatically encrypted private email, called MerlinMail that uses the Kahuna network to guarantee secure delivery (with receipts) to any other Merlin user.

Can I import all my emails from my current email client into Merlin?

Yes. Merlin can import email directly from MS Outlook and Mozilla Thunderbird. You can also import contacts and many other things, depending on what version of the source program you have.

If I send an email to a friend who doesn't have Merlin, can they read it?

Yes, but it cannot be encrypted because the recipient will not be able to decrypt it. However, if you email someone else who has Merlin, then the email and all attachments are encrypted and travel via Kahuna (unless you explicitly choose for it to go via regular email). If you have Merlin, and you email a person who does not have Merlin, the email goes via regular email, unencrypted. Of course, you need an email account someplace to do that (such as Gmail or Yahoo).

Does Merlin have an automatic email account setup wizard?

Yes. Merlin helps you connect to external email services such as Gmail or Yahoo (and hundreds of others) using a built-in database of email server settings. Most of the time all you have to do is enter your user name and password, and Merlin will do the rest.

Once it arrives on my device, is email stored in an encrypted form?

Yes. MerlinMail is always encrypted, both in transit and on the sending and receiving devices. And even regular email is encrypted inside Merlin once you receive it (everything in Merlin is always encrypted). Of course, regular email travels unencrypted over the internet from the sender to you, so it's exposed as it travels, which is why we strongly recommend using MerlinMail instead.

Can regular email be encrypted when I send it?

No (unless you and the recipient install special encryption certificates). Although Merlin could easily encrypt it using its built-in encryption, a regular email recipient could not decrypt and read it because they do not have access to the right 'keys'. There is a solution to that, but it involves installing what are known as certificates with public and private keys. As you can see just from the Wikipedia entry, that's not so easy. But why bother? Just use MerlinMail – it has all that built in, there's nothing to install or configure, and 100% encryption is completely automatic, both in transmission and on the sending and receiving devices.

Does Merlin prevent spam?

Yes. For regular email Merlin has a high quality spam filter that will augment the spam protection provided by your email service (such as Gmail, etc). Merlin's spam filters are updated automatically. For MerlinMail spam filtering is generally not necessary because the Kahuna network recognizes spammers and other misbehaving users very rapidly.

What’s the difference between regular email and MerlinMail™?

 The big difference is, MerlinMail is secure and regular email isn’t. You can think of a regular email like a postcard with your message plainly visible on the back, and a MerlinMail like a letter sealed in a super-secure envelope only the recipient can open. You create a MerlinMail simply by selecting the recipient’s Kahuna ID in the 'To' field instead of their normal email address... there are no boxes to tick, everything else is automatic (of course, the recipient must also be a Merlin user to have a Kahuna ID).

The appearance and functionality of regular email and MerlinMail are very similar – you compose them in the same way, and they are listed together in your inbox. But regular email travels via the servers of an email service provider such as Gmail or Outlook, and unless you plug in special encryption systems – which many people find complex and cumbersome – it moves over the open internet completely unprotected. Anyone along the path of intermediate delivery servers can read regular email. Not so with MerlinMail: it's automatically encrypted, both inside the sending and receiving devices and while in transit. And rather than being delivered by public email servers, MerlinMail is delivered using the secure Kahuna network.

MerlinMail offers several features that are not available with regular email, including much larger attachments, guaranteed delivery, delivery status reports and receipts, delayed delivery, and Read-Once email.

If a note is addressed to a mixture of Kahuna IDs and regular email addresses, Merlin will encrypt the messages for all the Merlin recipients. But for copies addressed to regular email users, Merlin has no choice but to send the message and any attachments in unencrypted plain text because that’s all they can understand. Merlin will warn you if you attempt to mix recipients like this, which is generally not recommended.

What’s Read-Once MerlinMail™, and when should I use it?

When you compose an email to another Merlin user, you have the option of setting it to be read only once. This is sometimes referred to as a 'self-destruct' email. When the recipient opens it they have one opportunity to read it before it is permanently deleted (wiped).

Read-Once MerlinMail cannot be saved by the recipient, and all forwarding, link navigation and copy and paste capability is disabled. Once the recipient closes the reading window or otherwise moves away from the Read-Once note, it’s gone forever. Recipients can also view Read-Once attachments, but they cannot be saved and are also wiped after they have been viewed.

The Read-Once feature is available only for email sent between Merlin users (MerlinMail); it does not work with regular email (which travels over public email servers and is completely insecure anyway). As with all communication between Merlin users, MerlinMail is delivered by the Kahuna network and is encrypted end-to-end, and within the sending and receiving devices.

Even though Read-Once MerlinMail is just as private as everything else in Merlin, it must not be regarded as audit-free communication because there is nothing Merlin can do to prevent a recipient taking a ‘screen-shot’ or even just a close-up of their device using a digital camera (however, photos and screen-shots are not the same as having the actual data; anyone can fake a picture using Photoshop). Where the Read-Once feature is very useful is when you want to say something once only, and you don’t want to impose upon the recipient the responsibility of remembering to securely wipe the message – Read-Once will do it automatically. People find this a useful way to send temporary login credentials, password reset keys, financial payment information, and any other form of transient or single-use data.

To create a Read-Once MerlinMail, compose an email as usual, make sure you address the recipient by selecting their Kahuna ID, and check the Read-Once box. If you mistakenly attempt to send a Read-Once note to someone who is not a Merlin user, Merlin will remove the Read-Once setting and ask you if you want to send the note anyway. Also remember that although you can add attachments to a Read-Once MerlinMail, the recipient can only view them once; they will not be able to save them.

You can reply to a Read-Once MerlinMail, but the content of the original message will not be included in your reply, nor any attachments. Replies are also set to Read-Once, allowing you to have a series of Read-Once exchanges.

Internally, when a recipient opens a Read-Once MerlinMail, the message and any attachments are decrypted to memory and the encrypted data is immediately destroyed. Only then is the message presented on screen. So even if the recipient shuts off their device, the original data has already been destroyed. Thus by their very nature, Read-Once MerlinMail cannot be assembled into subject threads, nothing remains to stitch together. The content of Read-Once MerlinMail is not indexed by Merlin, and no links are built by the Syndex™. 

Can I install independent certificates such as GnuPG in Merlin?

Yes, at which point even regular email will be encrypted. However, to read it every recipient must also manually install the same system (either in Merlin or any other email client that supports certificates), which is often a clumsy process. But why bother? Merlin comes with all that built in, there's nothing to install or configure; it's all completely automatic.

Do different Personas have different MerlinMail™ and regular email accounts?

Yes, everything about different Personas is completely isolated and separate.

Does Merlin scan email for viruses?

When you receive email in Merlin it remains encrypted inside Merlin, protected from prying eyes inside a strong 'shell'. This protection works both ways – for so long as an email remains in Merlin it's isolated from the operating system, so a file that happens to be infected can do no harm. If you open that file using any of Merlin's built-in viewers and editors it is likewise isolated and can also do no harm. 

The exception to this is if you intentionally export a file from Merlin to your operating system. At that point the operating system can see it, and it can see the operating system. In such instances it's wise to scan the file with your regular virus scanner before opening it. This holds true for email attachments as well: so long as you view or edit them inside Merlin, should one happen to have a virus it can't access the operating system to cause any harm. It also can't cause any harm to other items in Merlin because each one is encrypted separately. Merlin has been tested and works well with all major virus scanners.