ZSentry Mail

Our Vision and ZMAIL

Six Degrees Of Separation is the theory that anyone on Earth can be connected to any other person on the planet through a chain of acquaintances that has no more than five intermediaries. The theory was investigated in a 1967 experiment by the social psychologist Stanley Milgram, at Yale University.

In 2001, Duncan Watts, at Columbia University, recreated Milgram's experiment on the Internet. Watts used an email message as a "package" that needed to be delivered between two persons. After reviewing the data collected by 60,000 senders and 18 targets (in 166 countries), Watts found that the average number of intermediaries was, indeed, six.

PROBLEMS SOLVED

Using intermediaries (persons or service providers) to connect to another person may help not only to discover a connection route but also improve reliability by providing alternative routes. Email communications use a large number of intermediaries (including the sender's SMTP server, the recipient's POP mailbox server, DNS servers, email relays, spam filters, virus scanners, content scanners, and routers). Intermediaries, however, introduce their own operating and legal rules, and may fail or be compromised. Cost, privacy, and trust are additional issues to be considered for each intermediary. Therefore, it is desirable to have the least possible number of intermediaries.

Email offers an easy way to communicate with anyone in the world, and search engines can help find anyone's email address. However, a major problem with using email addresses to connect two persons is that you do not really know who sent the message to you -- it could have been anyone, not just the claimed person. It is also easy to intercept email messages, which means that anyone can receive it, not just the intended person. The message route can go anywhere across the globe even if you are in the same room as the recipient. The connection is also neither private nor secure, which means that anyone can tamper with or eavesdrop on the message before it is delivered to the intended person -- if it is delivered at all.

Adding privacy and security when connecting to another person, for example with cryptography, tends to reduce usability. Cryptography is difficult to use, is not human-friendly in many ways, and can be blocked by over-greedy filters. Therefore, it is desirable to avoid users' blank stares and questions, as well as faulty actions caused by cryptography. If security is too difficult or annoying, users may give up on it altogether.

THE ZMAIL SOLUTION

The ZMAIL solution, user-friendly and very simple to use, flattens the six degrees of separation and assures privacy and security.

In 2005, NMA, Inc. launched ZMAIL (ZSENTRY MAIL), allowing any two persons in the world to be privately and securely connected using their existing email addresses, with each address known to both persons to be what it claims to be, and with zero intermediaries. ZMAIL uses the targetless ZSENTRY secure access technology developed by NMA, with spoof prevention and two-factor authentication. ZMAIL uses standard cryptographic functions for strong authentication and 128-bit encryption.

ZMAIL is an email interface -- ZMAIL does not change email, does not receive email and does not host email addresses for users. With ZMAIL:

  • any existing email address can be used
  • there is nothing to download
  • communication is spontaneous, there is no prior arrangement
  • senders cannot fake their email addresses
  • messages are received as they were sent
  • only the respective recipients can read messages sent to them
  • cryptography does not stand in the way of users
  • there are no intermediaries
  • you can send secure email to anyone and it's free for personal use
  • you can receive secure email from anyone and it's always free to decrypt and reply

VISION

"To securely connect anyone on Earth to any other person on the planet without intermediaries and without perceived use of cryptography."

ZMAIL

ZMAIL is an email interface for Windows, Mac OSX, or Linux. With nothing to download, ZMAIL presently supports Secure Email, Secure IM, Secure Data Storage, Secure Voting, Secure Contacts, and Secure Login:

  • Receive: You receive ZMAIL at your INBOX. You use your existing email address, your current software (e.g., Outlook, Thunderbird, Mac Mail, Firefox, Internet Explorer, Safari), and ISP or webmail provider.
  • Decrypt & Verify: You decrypt and digitally verify ZMAIL with a single click, right at your INBOX, or using the ZMAIL interface. Your decryption key is not at risk anywhere.
  • Sign, Encrypt & Send: You digitally sign, encrypt and send ZMAIL from your own email address, using the ZMAIL interface. Your signing key is not at risk anywhere.
  • Secure IM: You use the ZMAIL interface for encryption, decryption, and digital signature, with your own screen name and provider.
  • Secure Data Storage: You use the ZMAIL interface to digitally sign and encrypt a secure file that you can store anywhere, even in free public spaces, allowing you to keep a secure record of your email messages and sensitive documents. To decrypt and digitally verify, you use the ZMAIL interface.
  • Secure Voting: ZVOTE (a ZMAIL application) is used by the election's manager to send digitally signed, encrypted, time-controlled, and delivery-certified ballots to ZMAIL-verified voters, who can then reply directly from their INBOX using ZMAIL to encrypt and cast their votes, privately and securely. Voters can register after they receive their ballots.
  • Secure Contacts: You use the ZMAIL interface to encrypt, decrypt, save, and manage an Address Book for communication with your ZMAIL contacts, that only you can access. You are not burdened with key management for you, your contacts, or by any other cryptographic function.
  • Secure Login: Access to the ZMAIL interface is granted by means of a simple, two-factor ZSENTRY login that looks like the familiar username / password login divided in two screens. After a first-time login per session, you can re-login with a single click.

ZMAIL can be web-hosted or local. Web-hosted ZMAIL is operated worldwide at zsentry.com as a service by NMA, Inc., with a range of subscription levels for multi-user PREMIUM accounts, and no-cost single-user BASIC accounts for personal use. It is free to read and reply to any ZMAIL message; it is free to send ZMAIL for personal use. For corporations, ZMAIL can also be locally hosted, offering services isolated from and / or federated with the web-hosted ZMAIL.

ZMAIL does not change email. ZMAIL works as an email interface, using technologies already built into the software you already have, including your operating system, browser and email agent. ZMAIL has no download, no installation process, and presents no additional security risk for the client. ZMAIL does not require Java, ActiveX controls, or custom plugins. JavaScript and cookies are used for improved functionality but are not required to use the ZMAIL interface, which you can use from any computer, even small handheld units.

ZMAIL does not change the way you work. With ZMAIL, your choice of using secure email will not burden you or your recipients, or anyone who wants to send messages to you, with acquiring digital certificates, software installation, updates, training or cost. Communication is spontaneous, there is no prior arrangement.

ZMAIL protects and simplifies your login. Login spoofing and phishing are prevented by a return code included in the two-factor ZSENTRY login. Dictionary attacks on users' passwords are prevented by using unpredictable but mnemonic usernames (called usercodes). The "Peek" function lets you securely verify your entries for username and password, which are otherwise shown as "**********", allowing typing errors to be detected. In case of loss or suspected compromise, you can securely reset your password and username; PREMIUM users can also set a credential recovery service based on a private question and answer.

ZMAIL protects your privacy, private data and keys. The targetless ZSENTRY secure access technology used with ZMAIL eliminates otherwise hard-to-secure targets: your decryption key, your signing key, your username, your password, and your return code are not at risk anywhere. For lack of a decryption key anywhere (a target that could be attacked), only you can access your encrypted Address Book, account information and other private data. Your name and email address are also encrypted, for use by ZMAIL.

VERSATILITY, SINGLE INTERFACE

ZMAIL offers the versatility that you need today and tomorrow, in a single interface with easy-to-use tools for secure communication. In the 21st century, communication needs to be more than just a text message that is sent (conventional email), while communication tools need to be less time-consuming.

With ZMAIL, you use a single interface to easily send and receive secure messages in any language, as simple text, as a visually-appealing rich text (HTML) page with images and text colors, as an input form using a database or XML scheme, and as a file.

ZMAIL lets you control the messages you send even after they are sent, helping you directly reduce exposure, risk, and legal liability. For example, you may want your message not to be readable until a certain date (ZMAIL global Release Time), to self-destruct (ZMAIL global Expiration Time) after a number of days you choose, or to be readable only after the recipient agrees that a return receipt will be sent back to you upon decryption (ZMAIL Certified Delivery). ZMAIL Certified Delivery is also important when you want to make sure that the recipient did receive and open your message (for example, an e-ticket, or a purchase confirmation).

Most organizations pay for delivery today. The ZMAIL difference is that ZMAIL provides both Certified Delivery and assured deliverability (without requiring recipient confirmation) at no extra cost to you or your recipients. ZMAIL messages conform to all email standards. Automatically selected optimization filters assure deliverability of messages right to the INBOX of each recipient (e.g., your customer) at Yahoo, AOL, AIM, Hotmail, Gmail, or their ISPs (e.g., john@company.com), with the trust symbol [ZMAIL] in the Subject line. After a first-time login per session, each received ZMAIL message can be securely verified and decrypted by the recipient with a single click. Because each received ZMAIL is so verified, both the recipient and the sender can feel more secure against fraud and phishing.

ZMAIL also lets you control message flow, in small offices or large corporations, for processes requiring message auditing (ZMAIL Fingerprint), secure message escrow (ZMAIL Escrow, PREMIUM users only), and cross-organizational workflow (ZMAIL Custom Application, PREMIUM users only).

Different requirements for the integrity and confidentiality of legal, health, credit, personal, and business records can be set per message or automatically followed for each case, based on user-defined ZMAIL profiles.

Once you are logged in to ZMAIL you can send secure messages to anyone in the world, with no pre-registration or previous contact, assuring your recipients that your email address is what it claims to be. PREMIUM users are further identified by their PREMIUM Seal in any ZMAIL they send, with their name, email address and organization name. PREMIUM account managers can add and delete PREMIUM users to their multi-user accounts, with a self-managed, simple ZMAIL invitation procedure.

Reciprocally, when you receive a ZMAIL message you know that the email address was not faked. No one else can send a ZMAIL using the sender's email address, preventing spoofing and phishing at the source of the problem. Only the sender or the recipient can read a ZMAIL that is addressed to a recipient and requires login to read. While the message is still encrypted, the ZMAIL has a cleartext warning that the message is confidential and should only be read by the recipient, that access is monitored, and that any unauthorized attempt to access the message may be considered trespassing.

If the sender allows it, ZMAIL offers an additional, secure, and very user-friendly way to read ZMAIL. The recipient is not required to log in or even register in order to read the message once (reply requires login). The recipient receives the ZMAIL in her INBOX and has to click READ (i.e., perform an action). After the message is accessed once, any second attempt shows a notice that the message was already accessed once and can only be read again after login or registration.

This is the same method used by Quantum Key Distribution (here, without QKD) and is verifiably secure. If the recipient can prove to herself that the ZMAIL was not read before (by not seeing the notice), she knows that the ZMAIL contents are, indeed, secret.

Conversely, if the recipient sees the notice but did not read the ZMAIL before, ZMAIL administration has additional system logs that can be used to identify the IP number and other access data for any previous access of that type of message (i.e., read once), to investigate and possibly report any criminal activity to law enforcement.

With ZMAIL, you can feel more secure sending and receiving confidential information. You can be sure that there are really no intermediaries between you and anyone else who you are communicating with, either as recipient or sender of a message. Because every ZMAIL message has authenticated sender and recipients, is digitally signed, and is encrypted end-to-end, any potential intermediary (e.g., used for transport, permanently placed at gateways or even covertly inserted) cannot tamper with or eavesdrop on the message. You can also send ZMAIL that does not look like an encrypted email message, preventing over-greedy filters at the recipient side from blocking your messages or triggering unsavory notices.

There are many other useful features in ZMAIL. For example, when sending a ZMAIL to multiple recipients, you can choose to use "Separate-To", which hides from each recipient who the other recipients might be (so you do not have to use "undisclosed-recipients" any more). You can also choose to encrypt the email Subject and, instead, send your name as the visible email Subject. When the ZMAIL is sent, the email Date is a verified timestamp that both sender and recipient can trust, synchronized to NIST atomic-clock time. Recipients can flip the email Date to see it in GMT time or in their own local time. A ZMAIL Envelope can be added, with cleartext information, to help the recipient prioritize reading the ZMAIL. Senders can include files without using annoying email attachments -- the ZMAIL is received as a single email, with no visible email attachment before it is decrypted.

END SPAM, STOP ABUSE

The end of spam? Check your INBOX or spam folder: almost every spam message that you receive comes from a fake sender email address; it was never sent by the purported sender. You frequently receive email messages from yourself, for example, that you never sent. Spammers hide behind always-changing fake addresses to avoid black lists and accountability. With ZMAIL, however, you can immediately (and automatically, if you want) prioritize messages that do originate from the email addresses they claim to be from.

In addition to blocking spam, knowing that the sender's email address is correct provides recourse if a message is abusive. Not only can you reach back to the sender and request to be unsubscribed, or block that email address, but you can also contact ZMAIL and report that sender. ZMAIL, web-hosted or local, has a zero-tolerance abuse policy that can result in the immediate termination of the sender's ZMAIL account and other measures, as appropriate, if spam or abuse is confirmed.

ZMAIL is about the security and privacy of your communications.

The contents of this entire site and domains zsentry.com are © Copyright, NMA Inc., 2006. All rights reserved, worldwide. Titles and product names are trademarks of NMA, Inc., including NMA, ZSENTRY, Return Code and ZMAIL. Patent pending.