- Secure Business Email
- Solutions
- Use Cases
- Knowledge
- Secure File Transfer
- AS4 Energy
- Solutions
- Benefits
- Relevant blog posts
- Partner
- Company
- Company
- Support
- Jobs
Enterprise Email Encryption
GDPR compliant email encryption gateway for enterprises
– encrypt emails easily at any time with anyone –
effective protection against economic and industrial espionage
Z1 SecureMail Gateway provides security and compliance for all your emails. It is highly automated, fail-safe and encrypts emails faultlessly. Secure email is easily realized with business contacts or end customers. Z1 SecureMail Gateway works with any counterpart whether it is gateway to gateway encryption or secure email delivered from your gateway to a private webmail account. You get highest security standards and easy compliance including the EU GDPR naturally.

Easy Mail Compliance (EU GDPR)
Don’t worry about GDPR fines or personal liability in IT compliance issues. Centrally configurable security policies (Z1 Policies) make sure you don’t need to rely on the judgement of individual employees when dealing with highly sensitive information. You don’t even need to invest in any IT Security awareness training for confidential email exchange. With Z1 SecureMail Gateway policies there won’t be any EU GDPR compliance violations due to accidental misuse or forgotten encryption operations. Z1 policies ensure that all users that deal with personal data can only send encrypted messages. All security actions are traceable through always-on logging and monitoring in the graphical administration web interface.

Industrial Espionage Defense
Z1 SecureMail Gateway provides you with military grade encryption, enabling effective protection against industrial espionage and foreign governmental spy programs. The gateway encrypts the actual email content not only the transport channel. Even if providers are obliged to pass your data to secret agencies all they can provide is illegible text: encrypted data.
Maximum Email Security – Made in Germany
Zertificon‘s email encryption software is developed exclusively in Germany. Our software bears the TeleTrusT quality seal “IT Security made in Germany”: it claims among other definitions „no backdoors“. Z1 SecureMail Gateway utilizes open standards with the maximum possible key length, which are recognized and recommended by experts worldwide. You get maximum protection paired with efficiency and great usability, in a nutshell: State of the Art email encryption – made in Germany.
How does it work?
Each email is individually encrypted according to the recipient’s capabilities.
Centralized Automatic
Email Encryption and Signature
Z1 SecureMail Gateway comes as a virtual email encryption appliance which integrates seamlessly into an existing email infrastructure. As an SMTP proxy it processes the entire company-wide email traffic. The Z1 SecureMail Gateway operates as a virtual mail room – processing incoming and preparing outgoing mail. It encrypts and signs outgoing mail whilst decrypting and validating the signature of incoming items. Suspicious emails are automatically blocked and the internal recipient informed. The complete email processing is performed according to ‘Z1 Policies’ which can be fully configured using the web-based administration interface. Z1 SecureMail Gateway works silently and transparently in the background. Sending and receiving emails remains the same for employees.
Email encryption on-premises, in the cloud, or as SaaS?

Z1 Virtual Appliance runs on-premises and in the cloud
Z1 SecureMail Gateway integrates easily and quickly into your existing email infrastructure. Whether you use your own data center, the cloud, or a hybrid solution. Integration with M365 or Google Workspace is also seamless. Z1 SecureMail Gateway is delivered as a Debian-based Linux virtual Z1 Appliance. Find More information:Email Encryption as a Service
Would you like to operate Z1 SecureMail Gateway as a Software-as-a-Service (SaaS)? We will be happy to put you in touch with one of our MSSP Partners, where you will receive managed services or even email encryption as a fully managed service. If you are interested, please write a short message in the free text field of our request form.
Certificate and Key Management Challenge
Z1 SecureMail Gateway uses the popular worldwide PKI standards S/MIME and OpenPGP for email encryption and digital signing. Z1 SecureMail Gateway automatically and centrally encrypts and decrypts all in- & outbound emails whilst at the same time managing all the keys for internal and external users. This solves the main challenge of secure email encryption solutions: the efficient operation of PKI based email encryption.
For further information about keys and certificates download our White Paper: Secure email in times of rising mobile communication – Applied cryptography: Certificates, Gateways & End-to-End Encryption.
Internal Certificates and Keys
Managed PKI – automated S/MIME certificate procurement

Certificates for internal users and domains can be obtained at all officially recognized Certificate Authorities. With our Z1 KeyManager and optionally available CA Connectors you can automate the purchase process with a selection of Certificate Authorities such as SwissSign or TeleSec. This guarantees a professional and efficient certificate management. This one stop shop approach reduces your administration and accounting efforts for your S/MIME email gateway.
Keys for internal users can also be created and signed with the aid of the OnBoard CA. Existing keys can be simply imported, activated, and used directly for encryption and/or digital signing. The lifecycle management for keys and certificates is highly automated and efficient.
External Certificates and Keys
The integrated Z1 CertServer component independently performs the fetching, storing, validation and administration of certificates for all external communication partners. Z1 SecureMail Gateway is delivered with a predefined editable set of the most important Certificate Authorities and LDAP directories.

TLS 1.3, VPN and De-Mail
Encrypted Channels for the secure transfer of email have become well established. A German technical guide from the ministry for security in information technology sets the minimum standard for federal agencies TLS 1.3. Z1 SecureMail Gateway supports TLS according to the current standard. Other encryption methods for secure channels for email transfer are supported.
VPN Connections for continuous communication can be configured via the administration interface.
German De-Mail customers can use our special optional extension De-Mail-Connector. This enables the use of Z1 SecureMail Gateway as a De-Mail Gateway. Zertificon is not a De-Mail Service Provider.

Z1 MyCrypt Outlook Add-In

Z1 MyCrypt Outlook Add-In
Optional MS Outlook client extension
The Z1 MyCrypt SecureMail Outlook add-in reduces applying mail encryption and signature to a simple click. Depending on the mail content your staff decides about the security needs of an email. Existing Z1 security policies cannot be overruled. Only security enhancing actions can be applied.
Z1 MyCrypt is available as Outlook add-in for Z1 SecureMail Gateway.
The use of the plugin is optional. It will not run without a Z1 SecureMail Gateway connection however.
Z1 SecureMail Gateway feature overview
Key Functions
- Central email encryption and digital signing with PKI (S/MIME, OpenPGP)
- Secure email Delivery with keyless encryption using passwords for B2C
- Self-Service user password management with customizable user front-end
- Automatic key and email certificate administration for users, group and domains
- Automatic email certificate search and real-time validation
- Central email signature management
- Centrally configurable policies for compliance enforcement
- Optional user commands to let your staff decide about encryption
- Gateway-to-Gateway encryption
- Secure Transport via TLS and VPN
Advantages
- Flexible integration into all environments, including Microsoft 365 (formerly Office 365)
- Rapid installation within hours into standard infrastructures
- Centralization of company-wide security policies
- Transparent for internal users – no training required
- Optimized Z1 Appliance Platform with full service
- Minimum administration and maintenance.
- Flexible scalability
- High performance, load balancing and redundancy
- Cluster capable
- Multi-tenancy
Options
- Internal & End-to-End Encryption & digital signing
- Integrated automatic certificate procurement from renowned CAs
- Synchronization with ERP directories e.g. Active Directory, Lotus Notes
- Attachment processing including proprietary formats. e.g. EDI, CAD
- Managed PKI – direct connection to Certificate Authorities
- De-Mail and Governikus connection; further connections available on request
- Integration of Hardware Security Modules (HSM)
- Extension for the German Energy Market Communication with AS4
Print Z1 SecureMail Gateway Overview