Email Integration & Security FAQ

Created: Jul 23, 2015 11:24AM PDT      Updated: Dec 07, 2015 03:41PM PST

While the benefits of integrating your mailbox in TalentBin are fairly self-explanatory and essential to a successful workflow in the tool, we realize there are many questions our users have about the setup and/or security of this feature.

Here's a list of common integration and email security questions we get asked frequently (Please click a question or scroll down for the answers):

Common Integration Questions

Email Security Questions

_________________________


Common Integration Questions


What type of mailboxes do we support?

The TalentBin candidate integrated messaging system acts as a 3rd party email client and is compatible with any of the following protocols:

  • Google Mail - GMail and Google Apps via OAuth
  • SMTP and IMAP - Including SSL, TLS, STARTTLS, and plain connections
  • Exchange - Via Exchange Web Services (EWS)

Once your email is associated with TalentBin, it is able to use your existing email credentials to send and receive emails on your behalf. Therefore, it is necessary that your email server enables 3rd party email clients to connect via one of these protocols.

Note: If you do not use one of these email protocols, we have a new solution for you called Mailbox Lite.


Do email interactions with candidates also show up in my normal email server inbox (Outlook, Gmail, etc.)?

All emails do indeed show up in the recruiter's internal inbox AS WELL AS the TalentBin inbox. We use your infrastructure (mail server) to send the emails.

In other words, it is almost identical to sending it from your PC, except we add CRM tracking within TalentBin that your PC doesn't have. Specifically, we keep track of the communications between the recruiter and the candidate, and in that way we can attach all communications to the TalentBin candidate profile, automate candidate staging (moving them through the hiring pipeline), and give the recruiter advice as to when they should reach out to given candidates. For example, we track opens and clicks for the messages generated within TalentBin, and in that way we can tell the recruiter which candidates are "hot" and suggest when to follow up.


What ports need to be opened?

If you are using SMTP/IMAP (as opposed to Exchange or Gmail), you will need the following info:

SMTP/IMAP Credentials: 
  • SMTP address: smtp.mycompany.com (or similar)
  • Port: #
  • SSL? (yes or no)
  • IMAP address: imap.mycompany.com (or similar)
  • Port: #
  • SSL? (yes or no)

We rely on open SMTP/IMAP ports. Some of the ports broadly used for SMTP are 25, 465, and 587, but you can choose whatever port you want as long as your email server is accessible from the internet.

You need to allow HTTPS connections from us to your Exchange server and give us the public DNS name of the server. This is so that TalentBin can track any emails sent to candidates within our system.

At TalentBin we have built our own SMTP/IMAP and Exchange clients.

Exchange URLs:

We also allow users to integrate their accounts into the system in much the same way that they would integrate them in Outlook or Thunderbird. Our system uses the following credentials:
To connect to the email server in the same way that a desktop or mobile app would connect. This is just as safe as the email client you use on your phone or a third-party email client like Thunderbird.

Important Note: Often the MS Exchange username is different than the email. Also, if it doesn't work with the fully qualified name (e.g. "na\fred"), try just using "fred" instead (no quotes). 

- All Exchange URLs are https://
- All Exchange URLs that we have seen so far end with /ews/Exchange.asmx
- “/owa”, if it exists, should be removed and replaced with “/ews/Exchange.asmx”
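
A pre-flight check an administrator can run on the URL before entering it, applying the three rules above. This is an added example, not TalentBin's code; the function name, the rejection of embedded credentials, and appending the EWS path to a bare host are assumptions made for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

EWS_PATH = "/ews/Exchange.asmx"


def normalize_ews_url(raw: str) -> str:
    """Return the https EWS URL implied by the three rules above.

    Raises ValueError instead of guessing when the input is not an
    https URL or has a path that is neither OWA nor EWS.
    """
    parts = urlsplit(raw.strip())
    # Rule 1: only https:// is accepted, so the mailbox password is
    # never sent to the server over a cleartext connection.
    if parts.scheme != "https":
        raise ValueError("Exchange URL must start with https://")
    if not parts.hostname:
        raise ValueError("Exchange URL has no host name")
    # Assumption: credentials belong in the credential fields, never in the URL.
    if parts.username or parts.password:
        raise ValueError("do not embed credentials in the URL")

    path = parts.path.rstrip("/")
    lower = path.lower()
    if lower.endswith(EWS_PATH.lower()):
        # Rule 2: already an EWS endpoint; only canonicalise the case.
        path = path[: len(path) - len(EWS_PATH)] + EWS_PATH
    elif lower == "/owa" or lower.startswith("/owa/"):
        # Rule 3: an Outlook Web App address; swap in the EWS path.
        path = EWS_PATH
    elif path == "":
        # Assumption: a bare host gets the usual EWS path appended.
        path = EWS_PATH
    else:
        raise ValueError(f"unexpected path {parts.path!r}")

    # Query strings and fragments copied from a browser are dropped.
    return urlunsplit(("https", parts.netloc.lower(), path, "", ""))
```
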



Do you support VPN?

No.


We allow our users to connect to email outside of VPN. How difficult is it to associate email with TalentBin?

Not difficult; we just need the information requested above. If you don't allow them to connect to their emails from the outside, you would need to allow them to do an SMTP/IMAP or Exchange connection to your email server.


Do you also send me emails?

Yes. We send one email reminder for any overdue task notifications you manually establish in TalentBin three times a week (Mondays, Wednesdays, Fridays). These emails are sent to the email address you set up in your account preferences in TalentBin. Optionally, we will also send a "recommended resumes" email once a week if you enable the recommended resumes option in your CRM preferences.


Do your email requests have a static IP address you can provide?

No. Our platform uses Amazon Web Services.


Why doesn’t my shared mail in Office 365 send?

Please change your settings to Exchange in Office 365. This will resolve the issue.


What email address do these emails come from so I can make sure to whitelist it?

The 3x weekly task reminder emails will come from TalentBin Reminder (contact@talentbin.com). The subject line will be "Overdue tasks and recommended TalentBin actions for {date}".

The 1x weekly (optional) recommended resumes email will come from TalentBin Candidate Search (contact@talentbin.com). The subject line will be "New qualified candidates for your {open requisition} folder!".



What software do you use to send these emails?

We use SendGrid.

_________________________


Email Integration Security Questions



What are the credentials that we need/store for each type of mailbox?

Google Mail

  • The user has to grant TalentBin permission via the regular Google OAuth flow

    • Google gives us an Access Token and a Refresh Token.

  • We store the following information per mailbox:

    • Access Token (encrypted)

      • Expires in 6 minutes

    • Refresh Token (encrypted)

      • Lets us refresh the mailboxes in the background.

      • Every time that we use a Refresh Token we get a new one from Google

  • Eventually Google invalidates old Refresh Tokens.

SMTP & IMAP

  • We store the following information per mailbox

    • SMTP host

    • SMTP port

    • If SSL is needed for SMTP

    • IMAP host

    • IMAP port

    • If SSL is needed for IMAP

    • Password (encrypted)

    • Username (encrypted)

Note: We use all this information every time that we need to connect to the mailbox

Exchange

We store the following information per mailbox:

  • Username (encrypted)
  • Exchange EWS URL
  • Password (encrypted)

Note: We use all this information every time that we need to connect to the mailbox


How do we protect mailbox credentials?

We encrypt sensitive information for the mailboxes in our system, and use industry standard encryption to protect the credentials before storing them.

Google Mail

  • We encrypt the Access Token and the Refresh Token

SMTP & IMAP 

  • We encrypt the password and the username

Exchange

  • We encrypt the password and the username

Note: The keys that we use to encrypt the information live separately from the data.


What email data do we store?

When we pull from users’ mailboxes, we filter in memory so that we only store data that users care about in the TalentBin context. The data is defined by:

  • Emails sent from email addresses that the user previously wrote from talentbin.com. For example, if a user writes a TalentBin sourced candidate, we pull in that email thread to display in the candidate CRM
  • Emails sent to email addresses that the user previously wrote from talentbin.com. For example, if a user receives an email from a TalentBin sourced candidate, we pull in that email thread to display in the candidate CRM
  • All replies in threads that include one or more emails matching one of the previous two conditions. For example, if a user forwards an email thread with a TalentBin sourced candidate to the hiring manager for feedback, and the hiring manager responds to that email thread, we will pull in the hiring manager’s email response.
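
The three storage rules above, written out as an in-memory filter over a constructed mailbox. This is an added example, not TalentBin's implementation; the `Message` fields, the `thread_id` supplied by the mail source, and all addresses are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Message:
    msg_id: str
    thread_id: str      # assumption: the mail source supplies a thread key
    sender: str
    recipients: tuple


def _norm(addr: str) -> str:
    return addr.strip().lower()


def select_for_storage(messages, contacted):
    """Map msg_id -> rule that matched; messages not in the map are never stored.

    contacted: addresses the user previously wrote to from talentbin.com.
    """
    known = {_norm(a) for a in contacted}
    # Rules 1 and 2: the message is from, or to, a previously contacted address.
    direct = {m.msg_id for m in messages
              if _norm(m.sender) in known
              or any(_norm(r) in known for r in m.recipients)}
    # Rule 3: every other message in a thread that contains a direct match.
    tracked = {m.thread_id for m in messages if m.msg_id in direct}
    kept = {}
    for m in messages:
        if m.msg_id in direct:
            kept[m.msg_id] = "direct"
        elif m.thread_id in tracked:
            kept[m.msg_id] = "thread"
    return kept


# Constructed sample data, not real mail.
SAMPLE_CONTACTED = {"candidate@example.org"}
SAMPLE_MAILBOX = [
    Message("m1", "t1", "recruiter@example.com", ("candidate@example.org",)),
    Message("m2", "t1", "candidate@example.org", ("recruiter@example.com",)),
    Message("m3", "t1", "recruiter@example.com", ("manager@example.com",)),  # forward
    Message("m4", "t1", "manager@example.com", ("recruiter@example.com",)),  # reply
    Message("m5", "t2", "payroll@example.com", ("recruiter@example.com",)),  # unrelated
    Message("m6", "t3", "Candidate@Example.org ", ("recruiter@example.com",)),
]
```

Rule 3 is the one to review when scoping the integration: the hiring manager's reply (`m4`) is stored even though the manager was never contacted from talentbin.com, because the thread contains a matching message.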


How is data stored and accessed?

  • This data is stored in our MySQL database.
  • We access that data from our frontend and backend servers.
  • We prevent external connections to our databases via AWS security groups.

Would it be possible for someone to obtain this information by "listening" to the communication between TalentBin and our email servers?

Anytime a conversation happens over the web there could be some risk. The Exchange Web Services Java API uses SSL for all communications between the client (us) and the server (you), which solves this issue.

Do you support TLS authentication?

Yes.

Do you support 2-step authentication?

No.

 


Questions? Thoughts? Either contact your Product Specialist, reach out to us at support@talentbin.com anytime, or leave a comment below!