In "Using PGP to Encrypt Your SOHO’s Email", I explained that computer networks send most email in the clear, which means that the text of these messages is unencrypted. Because most small office/home offices (SOHOs) transmit and receive confidential and sensitive information daily, they are vulnerable to prying eyes. Any unauthorized user who has a reasonably effective packet sniffer can easily read your email, creating a major security hole in your SOHO computer systems.
Many software companies provide an easy solution to this large security problem. One such company, Zixit Corporation, offers ZixMail, a service that lets you send secure, certified email to any recipient. The company has built a $50million data center that can handle all the world’s email for one day, hosting such functions as validating and distributing public keys. Zixit uses three atomic clocks to create timestamps, certified email receipts, and transaction certificates. The company also uses Secure Sockets Layer (SSL) to deliver secure email through encrypted Web sessions. Connectivity and reliability are obviously paramount to Zixit—the company has three digital signaling (DS3) lines (equivalent to 72 T1 lines) and three strategically located mail relay centers in the United States.
ZixMail users can use the application Zixit provides or use an add-in for Microsoft Outlook and Lotus Notes to compose messages. Once a ZixMail user has composed an email message, the software steps through the following process:
- The program or add-in requests a transaction certificate and the email recipient’s public key from the ZixMail data center.
- ZixMail returns these items to the person who sent the email message.
- On sending the message, the software compresses and encrypts the email message, labeling it with the date and time, signing it digitally, and routing it through the Internet to its destination address location.
- When the recipient opens the message, if the sender requested a receipt, ZixMail returns a certified, digitally signed receipt.
ZixMail also works without having a client program or add-in installed, letting recipients who don’t pay for the service still receive secure email from senders who do pay. The first two steps in the above procedure are the same, but the paths diverge at the third step. When a ZixMail user sends the encrypted message through ZixMail.net, the Zixit data center stores the email message and sends an advisory message to the recipient about the email message it's holding. The recipient can click the provided link to go to the ZixMail Web mail-retrieval system. After self-authentication (when the recipient supplies the public key that he has registered with Zixit, or Zixit generates the key), the recipient connects securely to the message (through 128-bit SSL encryption) and views it. ZixMail can then send a pick-up notification if the sender requested one. ZixMail.net also offers facilities for ZixMail subscribers to access and compose secure email remotely.
Instantaneous communication over any distance is the key benefit of email. Users have become accustomed to this, and usability studies have shown that adding complex steps to encrypt and secure email turns users away. Simplicity is of one of ZixMail's key design elements. With its simple add-ins for email programs, the only difference between sending an unencrypted email and an encrypted, secure message is clicking the Z logo button instead of the Send button. Also, because recipients don't have to subscribe to ZixMail to receive ZixMail messages, the company has overcome a major obstacle that users stumble over with pretty good privacy (PGP) and other encryption methods.
Why should a SOHO user trust Zixit? The company has a well-planned security schedule with a data center it has secured by three manned controls—video monitoring, zone-based security, and smart authentication (e.g., proximity cards and biometric reading). Zixit uses Triple Data Encryption Standard (3DES) to secure messages coming into the data center, and duplicates the messages for storage on an online, redundant array of disks. To guard against media theft, Zixit doesn't make any removable media backups of the email messages it stores. The company also enforces a sender-configured expiration date, after which Zixit permanently erases all copies and records of the email. Zixit strictly schedules and adheres to third-party audits of its security procedures. In addition, the company reviews access logs for any unauthorized entry attempts and forwards the information to law enforcement authorities. In my opinion, the company is trustworthy.
ZixMail's pricing is very simple—an annual cost per email address of $24, with bulk email agreements available based on volume. ZixMail doesn't put limits on the number of transmitted messages, providing an affordable solution to the email security problem.
In "Using PGP to Encrypt Your SOHO’s Email", I explained that computer networks send most email in the clear, which means that the text of these messages is unencrypted. Because most small office/home offices (SOHOs) transmit and receive confidential and sensitive information daily, they are vulnerable to prying eyes. Any unauthorized user who has a reasonably effective packet sniffer can easily read your email, creating a major security hole in your SOHO computer systems.
Many software companies provide an easy solution to this large security problem. One such company, Zixit Corporation, offers ZixMail, a service that lets you send secure, certified email to any recipient. The company has built a $50million data center that can handle all the world’s email for one day, hosting such functions as validating and distributing public keys. Zixit uses three atomic clocks to create timestamps, certified email receipts, and transaction certificates. The company also uses Secure Sockets Layer (SSL) to deliver secure email through encrypted Web sessions. Connectivity and reliability are obviously paramount to Zixit—the company has three digital signaling (DS3) lines (equivalent to 72 T1 lines) and three strategically located mail relay centers in the United States.
ZixMail users can use the application Zixit provides or use an add-in for Microsoft Outlook and Lotus Notes to compose messages. Once a ZixMail user has composed an email message, the software steps through the following process:
- The program or add-in requests a transaction certificate and the email recipient’s public key from the ZixMail data center.
- ZixMail returns these items to the person who sent the email message.
- On sending the message, the software compresses and encrypts the email message, labeling it with the date and time, signing it digitally, and routing it through the Internet to its destination address location.
- When the recipient opens the message, if the sender requested a receipt, ZixMail returns a certified, digitally signed receipt.
ZixMail also works without having a client program or add-in installed, letting recipients who don’t pay for the service still receive secure email from senders who do pay. The first two steps in the above procedure are the same, but the paths diverge at the third step. When a ZixMail user sends the encrypted message through ZixMail.net, the Zixit data center stores the email message and sends an advisory message to the recipient about the email message it's holding. The recipient can click the provided link to go to the ZixMail Web mail-retrieval system. After self-authentication (when the recipient supplies the public key that he has registered with Zixit, or Zixit generates the key), the recipient connects securely to the message (through 128-bit SSL encryption) and views it. ZixMail can then send a pick-up notification if the sender requested one. ZixMail.net also offers facilities for ZixMail subscribers to access and compose secure email remotely.
Instantaneous communication over any distance is the key benefit of email. Users have become accustomed to this, and usability studies have shown that adding complex steps to encrypt and secure email turns users away. Simplicity is of one of ZixMail's key design elements. With its simple add-ins for email programs, the only difference between sending an unencrypted email and an encrypted, secure message is clicking the Z logo button instead of the Send button. Also, because recipients don't have to subscribe to ZixMail to receive ZixMail messages, the company has overcome a major obstacle that users stumble over with pretty good privacy (PGP) and other encryption methods.
Why should a SOHO user trust Zixit? The company has a well-planned security schedule with a data center it has secured by three manned controls—video monitoring, zone-based security, and smart authentication (e.g., proximity cards and biometric reading). Zixit uses Triple Data Encryption Standard (3DES) to secure messages coming into the data center, and duplicates the messages for storage on an online, redundant array of disks. To guard against media theft, Zixit doesn't make any removable media backups of the email messages it stores. The company also enforces a sender-configured expiration date, after which Zixit permanently erases all copies and records of the email. Zixit strictly schedules and adheres to third-party audits of its security procedures. In addition, the company reviews access logs for any unauthorized entry attempts and forwards the information to law enforcement authorities. In my opinion, the company is trustworthy.
ZixMail's pricing is very simple—an annual cost per email address of $24, with bulk email agreements available based on volume. ZixMail doesn't put limits on the number of transmitted messages, providing an affordable solution to the email security problem.
