Bitte aktivieren Sie JavaScript in Ihrem Browser, um alle Funktionen dieser Seite nutzen zu können.
You need to activate JavaScript in your browser to use all the functions on this page.

Z1 SecureMail:
The Gateway for Encryption and Signing of Business Emails

Security, Data privacy, and compliance easily automated.

The clever solution: Z1 SecureMail featuring CertMagic®.

    • Encryption & Signing following international standards: S/MIME, OpenPGP plus password based encryption
    • Gateway and email certificates from a one-stop shop with affordable certificate prices in a subscription model
    • Up to 80% less effort in certificate handling compared to standard gateways on the market
    • Positive professional image with communication partners – automated key exchange saves effort also on their end
    • Competent renowned Zertificon manufacturer support in German and English

Benefits of email encryption at the gateway

Confidential email with business partners and individuals

Suitable for EU GDPR compliance

Encryption is no longer being forgotten

Automated encryption and decryption

Set and validate email signatures

All security actions are auditable

Easy installation & administration

No training effort for your staff

How does it work?

Fig. Each email is individually encrypted according to the recipient’s capabilities.

Centralized Automatic
Email Encryption and Signature with a Gateway

Z1 SecureMail Gateway comes as a virtual email encryption appliance which integrates seamlessly into an existing email infrastructure. As an SMTP proxy it processes the entire company-wide email traffic. The Z1 SecureMail Gateway operates as a virtual mail room – processing incoming and preparing outgoing mail. It encrypts and signs outgoing mail whilst decrypting and validating the signature of incoming items. Suspicious emails are automatically blocked and the internal recipient informed. The complete email processing is performed according to ‘Z1 Policies’ which can be fully configured using the web-based administration interface. Z1 SecureMail Gateway works silently and transparently in the background. Sending and receiving emails remains the same for employees.

S/MIME certificates, OpenPGP keys, and passwords

Automated email certificate management with CertMagic®

Automated certificate procurement as subscription

Z1 SecureMail contains technical interfaces to various recognized, certified trust centers. The procurement of your own employee certificates is easy and very competitively priced.

Procurement and call-off for certificates - centralized and automated

Z1 SecureMail ONE always includes certificates from SwissSign for all users. We also recommend a certificate subscription for individual offers for Z1 SecureMail Gateway. Similar to a flat rate, you have absolute cost transparency with maximum flexibility. You are not charged for each individual certificate issued, but for a fixed number of certificates. It is not the number of certificates issued that counts, but the number of certificates active at the same time. Compared to individual billing, you save money on erroneous issues and employee fluctuation.

We automate certificate exchange for you
The real challenge with email encryption and signing is the exchange of certificates with the communication partners. The certificates contain the public keys that are used for encryption and signature verification. Zertificon is the creator and operator of Z1 Global TrustPoint, the independent certificate search engine on the Internet. Here your certificates can be found by others. You can find the certificates of your communication partners there. Your Z1 SecureMail is connected to the Z1 Global TrustPoint and automates the exchange of certificates in real time. This is an important component that allows you to experience CertMagic® with up to 80% savings in certificate management effort.

OpenPGP key management

OpenPGP does not recognize any official certification authorities. Therefore, the handling of public OpenPGP keys cannot be completely automated. However, with Z1 SecureMail you can manage the process easily.
Automate and manage OpenPGP keys
Z1 SecureMail contains an OpenPGP key generator. This allows you to automatically issue OpenPGP keys for all employees. These are published on the Z1 Global TrustPoint so that your communication partners can easily find and validate them. It is also possible to import existing OpenPGP keys.
Root Signer Key simplifies the trust process
Z1 SecureMail provides you with a root signer key for OpenPGP, which is used to sign all keys created on your Z1 SecureMail system. Agree with your business partners that they will import your OpenPGP keys and thus automatically accept your OpenPGP keys. On the other hand, you can also import third-party root keys into your Z1 SecureMail and thus simplify the trust process. This makes email encryption for companies very efficient, even with OpenPGP.

Spontaneous email encryption without certificates with Z1 SecureMail (formerly Z1 SecureMail Messenger)

Z1 SecureMail provides encryption with passwords for email exchange with communication partners such as end customers and business partners who do not have certificates.
Send secure webmail or emails as an encrypted PDF
With Z1 SecureMail ONE you will have a secure webmailer. You send emails as usual via your mail program. If no keys are found for the recipients, Z1 SecureMail delivers emails via a secure web portal. With Z1 SecureMail Gateway delivery as encrypted PDF is also an option (see Description of services). A function for encrypted replies is always included.
Intuitive user guidance in your corporate design
You can customize the web interface of your Z1 SecureMail directly in the administration interface without any programming knowledge. Upload your logo and set the color values to match your corporate design.
Language selection for secure webmail and notifications

Z1 SecureMail is delivered with German and English language for the user interface of the secure webmailer and the notification emails. Other languages are available on request via Zertificon and can alternatively be added directly via the web-based administration interface (other languages are currently not available in the Z1 SecureMail ONE offer).

Intuitive, secure webmailer for exchanging encrypted messages (formerly Z1 Messenger)

Email encryption on-premises, in the cloud, or as SaaS?

Email encryption in the cloud or on-premises

Z1 Virtual Appliance runs on-premises and in the cloud 

In your own data center, in the cloud or as a hybrid solution: Z1 SecureMail Gateway is easily and quickly integrated into your existing email infrastructure. Z1 SecureMail is ideally suited for operation with Microsoft 365 and Google Workspace. The anti-spam functions of cloud providers such as Exchange Online Protection (EOP) can be combined with Z1 SecureMail. You receive Z1 SecureMail on a virtual Z1 appliance with a hardened operating system based on Debian Linux.
  • Supported virtualization environments for the Z1 Virtual Appliance Platform
    All listed environments support the integration of NetHSMs.
    run Z1 encryption products on VMware vSphere ESXI Hypervisor ≥ 6.7 Workstation Pro / Workstation Player ≥ 14.0
    run Z1 encryption products on Citrix Xen XenServer Free / Standard / Enterprise Edition ≥ 7.0
    run Z1 encryption products on HyperV Windows ≥ 2016
    run Z1 encryption products on PROXMOX Proxmox VE 7.3.x, 7.4.x, 8.1.x

Email Encryption as a Service

Would you like to operate Z1 SecureMail Gateway as a Software-as-a-Service (SaaS)? We will be happy to put you in touch with one of our MSSP Partners, where you will receive managed services or even email encryption as a fully managed service. If you are interested, please write a short message in the free text field of our request form.
Hosted Email Encryption as SaaS
Over 25% of the 100 German companies with the highest turnover already encrypt with the proven Z1 SecureMail Gateway.

Dear SMEs: We have developed the Z1 SecureMail ONE package especially for your requirements of up to 100 users. It is quick and affordable to purchase, starting at EUR 5 per user per month as an online subscription with a minimum term of just 6 months. S/MIME certificates are already included and administration has been significantly simplified. With Z1 SecureMail ONE, the encryption gateway for SMEs, you get enterprise technology at an SME price, to put it another way.

Z1 SecureMail ONE is currently limited to 100 users and is only available as self-hosted software.

A SaaS offering is in preparation and planned for 2024. Subscribe to our Zertificon Newsletter, to be informed about new developments.

Optional Extension: Z1 MyCrypt Outlook Add-In

S Outlook Encryption Plugin: Z1 MyCrypt encryption trigger Z1 SecureMail Gateway security actions from your mail client
User control through selection of security levels

Create different security levels that your employees can select for each email before sending. For each security level, you assign specific actions such as encryption or signing, which are executed centrally at the gateway. Security and compliance can then be implemented without your employees having to deal directly with encryption tasks.

The client extension for MS Outlook is currently not included in Z1 SecureMail ONE. Z1 MyCrypt is optionally available for Z1 SecureMail Gateway. Z1 MyCrypt can only be used together with a validly licensed Z1 Server product (see service description).

FAQ about Z1 SecureMail

Test and Operation

  • What are the minimum technical requirements for operation?

    The following technical requirements must be met for the operation of Z1 SecureMail:

    • Own mail server, alternatively Microsoft 365 or Google Workspace packages with mail function and PORT 25 sending option.
    • Own email domain with access to DNS configuration for domain validation in the certificate reference
    • Virtual server with dedicated line to the Internet or fixed IPv4 address
      e.g. bookable with Hetzner or IONOS.
      The configurations of the packages depend on the load.

    Z1 SecureMail ONE sample configuration

    for 50 users and average email size of 200 kB

    Minimum 8 GB RAM, 2 CPUs, 80 GB storage

  • How do I get a 30-day trial license for Z1 SecureMail?
    Test licenses only as part of a PoC

    We only issue 30-day test licenses for complex issues and integration challenges as part of a commissioned PoC.

    Beforehand, all questions must be qualified with us in a consultation. Please contact our sales team via the enquiry form.

    Pose your questions in the next live webinar

    For all other questions about the operation and integration of Z1 SecureMail, please refer to our live online webinars with product demo.


  • Does Z1 SecureMail work with Microsoft 365 or Google Workspace?

    Yes, there is an integration mode for Z1 SecureMail with Microsoft 365 and Google Workspace. The integration is widely used and easy to implement following our instructions.

  • In which virtualization environments can Z1 SecureMail be operated?
    run Z1 encryption products on VMwarevSphere ESXI Hypervisor ≥ 6.7
    Workstation Pro / Workstation Player ≥ 14.0
    run Z1 encryption products on Citrix XenXenServer Free / Standard / Enterprise Edition ≥ 7.0
    run Z1 encryption products on HyperVWindows ≥ 2016
    run Z1 encryption products on PROXMOXProxmox VE 7.3.x, 7.4.x, 8.1.x

Your question was not listed? Please use the contact form further down on this page.

Contact form for general questions about Z1 SecureMail

For price information or project enquiries, please use the enquiry form.
This is the quickest way to contact sales.

Company Details

Contact person

Data privacy notice

We will process your personal data as described in our privacy policy.

WordPress Cookie Plugin by Real Cookie Banner