Bitte aktivieren Sie JavaScript in Ihrem Browser, um alle Funktionen dieser Seite nutzen zu können.
You need to activate JavaScript in your browser to use all the functions on this page.

Z1 SecureMail for companies of all sizes

Self-hosted on-premises or in the cloud, integrates easily with Microsoft 365

Z1 SecureMail
ONE

Gateway for SMB up to 100 users

  1. Encrypt and Sign
  2. S/MIME, OpenPGP, Password
  3. GDPR compliant

from 5,00 EUR user/month

Email certificates included

Z1 SecureMail
Gateway

same as Z1 SecureMail ONE, plus

  1. Optional multitenancy
  2. Optional high availability
  3. Choice of Certification Authorities
  4. Service hotline support

Z1 SecureMail
Enterprise

same as Z1 SecureMail Gateway, plus

  1. Project specific integrations
  2. Active/Passive Licensing
  3. 24×7 Enterprise Support
  4. Individual contracts & SLAs

Compare Z1 SecureMail products and plans

Features and Functions Z1 SecureMail
ONE
Buy online
Z1 SecureMail
Gateway
Request Offer
Z1 SecureMail
Enterprise
Request Offer
Automated email encryption/decryption using S/MIME or OpenPGP
Confidential, encrypted, and compliant business communication with contacts who provide certificates or keys. S/MIME and OpenPGP are supported.
Automated email encryption/decryption using S/MIME or OpenPGP
Digital Signing for outgoing emails
Outgoing emails are automatically digitally signed based on certificates. Digital signatures build trust in digital communication. Your contacts can verify the email signatures to determine if the message truly comes from you and whether the content has been altered..
Digital Signing for outgoing emails
Signature validation for incoming emails
The digital signatures of incoming emails are verified. The result of the verification is appended to the original email sent to the recipient in your company. This allows your employees to immediately determine the trustworthiness of each email they receive.
Signature validation for incoming emails
Secure webmailer in your corporate design
Emails are encrypted and delivered to a secure HTTPS webmailer that you operate within your own infrastructure through Z1 SecureMail. The email recipient receives a notification to their standard mailbox for each newly incoming email. A reply function is included in the webmailer. The user interface can be easily customized to your corporate design using a special Theme Editor, even without HTML and CSS knowledge.
Secure webmailer in your corporate design optional optional
Delivery as encrypted PDF attachment
Emails are converted into PDF files and then transmitted to the recipients’ mailboxes. There is no storage on your server. The design of the PDF template is customizable to your corporate design.
Delivery as encrypted PDF attachment optional optional
Several account-activation methods
Accounts are automatically created for recipients of password-encrypted emails. Activation of the account by recipients can occur at various security levels, and 2-factor authentication is supported.
Several account-activation methods optional optional
Accountless Mode
With the Accountless Mode, you can use encrypted emails without recipients having to register. Each message is protected with a one-time password. Additional messages receive new passwords. This allows important documents to be sent in compliance with data protection at longer intervals without the need to keep an account active. You can choose to use the Accountless Mode with or without the option for a reply.
Accountless Mode optional optional
Debranding
Upon logging into the webmail account, your communication partner can discreetly recognize that you are using our solution through a subtle Zertificon logo. This logo can be hidden with appropriate licensing.
Debranding optional optional
Number of Domains/Subdomains
The number of your own domains or subdomains that you can manage in a Z1 product is limited to five in the Z1 SecureMail ONE product. For other Z1 SecureMail products, the number of domains or subdomains is individually negotiated.
Number of Domains/Subdomains 5 included optional optional
Domain validation
Guided process for domain validation with the corresponding trust centers.
Domain validation optional optional
S/MIME X.509 certificate procurement
We maintain longstanding partnerships with various trust centers and enjoy special reseller conditions, from which you can also benefit. Take advantage of getting solutions and services from a single source – for more information, visit Trustcenter Partnerships.
S/MIME X.509 certificate procurement user certificates included optional optional
Automated X.509 key and certificate creation for new users
Keys and certificates are automatically issued for all licensed users. No manual input is required for issuing user keys and certificates when onboarding new employees.
Automated X.509 key and certificate creation for new users optional optional
Onboard OpenPGP key generator
OpenPGP keys can be generated directly in the system.
Onboard OpenPGP key generator
Automated OpenPGP key creation for new users
For every newly created user, an OpenPGP key is automatically generated.
Automated OpenPGP key creation for new users optional optional
Central OpenPGP signer key
All OpenPGP keys created by you are counter-signed with your company’s central signing key. This makes your keys easily recognizable as trustworthy for third parties.
Central OpenPGP signer key
Lifecycle management for keys & certificates
For keys and certificates issued with Z1 SecureMail products, the management of the entire certificate lifecycle is automated. You don’t need to note any dates to manually create and publish new keys.
Lifecycle management for keys & certificates
Automated key & certifcate publishing
Your public OpenPGP keys and S/MIME certificates are automatically published on the certificate portal Z1 Global TrustPoint right after creation. Simply refer your contacts there and save time on manual key exchange. If your contacts also use Z1 products, the key exchange happens fully automatically on both sides. All Z1 SecureMail products are connected to Z1 Global TrustPoint.
Automated key & certifcate publishing
HSM support
Support for the integration of selected third-party Hardware Security Modules (HSMs) for storing private keys.
HSM support optional optional
Automated search and storage of certificates and public keys
Public keys and certificates from business partners and customers are automatically retrieved via Z1 Global TrustPoint. Certificates and CA key chains contained in signed email messages are automatically extracted and stored from email traffic.
Automated search and storage of certificates and public keys
Automated real time validation of S/MIME certificates
Certificates from business partners and customers are automatically validated. Certificate revocation lists (CRLs) of the issuing trust centers are checked, and the Online Certificate Status Protocol (OCSP) is used if necessary.
Automated real time validation of S/MIME certificates
Trust process for external OpenPGP keys
Since there are no OpenPGP certification authorities, you need to verify and decide whether to trust PGP keys sent or found in directory services. To use PGP keys stored in Z1 Global TrustPoint, you are offered an acceptance option with the notification.
Trust process for external OpenPGP keys
Central rules for encryption and signing
Configure rule-based policies – ‘Z1 SecureMail Policies’ – for the central control of email message encryption and signing for all email addresses in your company. Compliance with regulations, such as GDPR, can be easily enforced throughout the entire company.
Central rules for encryption and signing
Blocking and alerting for suspiciuos emails
Automatic warnings for faulty signatures or invalid certificates are enabled by default. You can optionally block suspicious messages.
Blocking and alerting for suspiciuos emails
Allow user actions via subject line commands
User commands entered in the subject line allow the sender to trigger actions such as ‘Encrypt’ or ‘Sign’ for individual emails.
Allow user actions via subject line commands
Client plugin Z1 MyCrypt Mail
The Z1 SecureMail Add-in for Microsoft Outlook reduces the activation of email encryption and signature to a single click. Depending on the email content, your employees can decide on the respective security standard of an email.
Client plugin Z1 MyCrypt Mail optional optional
Encrypted email in your own company network
Choose or combine: Organizational end-to-end encryption with re-encryption on the gateway with a dedicated PKI for internal use OR Personal end-to-end encryption meaning the gateway cannot access the email content. The client plugin is optional.
Encrypted email in your own company network optional
Automated embedding of email sign off area with contacts details, disclaimers or event info
Central configuration for the automated insertion of text blocks such as a signature in the footer of an email with contact details, logo, liability, or event information. Inclusion of text blocks is set based on sender or recipient address, group membership, or domain name.
Automated embedding of email sign off area with contacts details, disclaimers or event info
Shared email volume
The volume of all incoming and outgoing emails is shared across the entire user base. If a user sends or receives less, other users can consume this free volume. With the maximum licensing of 100 users, Z1 SecureMail ONE has a maximum volume of 300,000 emails per month. You can view your consumption status at any time in the administration interface. You will also receive email notifications well before reaching the limit. Then you have the option to add additional volume via the customer portal within minutes.
Shared email volume 3.000 emails/ user/ month
High email volume
Licensed users can exceed the standard email volume of 3,000 emails/user/month. An initial estimate of the email volume is billed with advance payments. A monthly volume report is generated and usually billed quarterly based on consumption.
High email volume optional optional
Multiple tenants on one Z1 system
Operation of multiple customer organizations with independent configurations in one system. Multiple tenants can be managed with their own policies, administrator rights and roles, dedicated monitoring, and separate log files.
Multiple tenants on one Z1 system optional optional
Active/Passive Licenses
For users with Active licenses, personal certificates are issued. Users with Active licenses have access to all features. Z1 SecureMail ONE exclusively includes Active licenses. Passive licenses are limited to the use of domain certificates. They allow the reception of encrypted emails when encrypted with a domain certificate. No user certificates are issued for Passive users. Active encryption of emails is not possible. Users with Passive licenses also cannot send password-encrypted emails.
Active/Passive Licenses optional optional
Bulk import per CSV
Users and functional addresses can be exported from other directories and then imported into Z1 SecureMail as a CSV file.
Bulk import per CSV
Directory Connector
Automatic import of users/groups from Active Directory (AD) and LDAP directories.
Directory Connector optional
Standard Virtualization environments: VMware/vSphere, Citrix XenServer, Microsoft Hyper-V, Proxmox
Common virtualization environments for enterprises are supported in the current versions.
Standard Virtualization environments: VMware/vSphere, Citrix XenServer, Microsoft Hyper-V, Proxmox
On-Premises or Cloud
Z1 SecureMail is delivered as an ISO file. This is installed either On-Premises or in the Cloud on a virtual machine.
On-Premises or Cloud
Hardened Linux Debian operating system
Debian Linux as the operating system has been reduced to essential functions for operating our software. Unnecessary ports have been closed. Restrictive rights and system policies apply.
Hardened Linux Debian operating system
Z1 Appliance Management Software
Updates and standard configurations for the Z1 system are managed through the Z1 Appliance Management Software.
Z1 Appliance Management Software
Software- and Security updates
New software and security updates are displayed in the admin interface and can be installed with a click.
Software- and Security updates
Webbased Administration interface
All standard configurations can be made in the easy-to-use, browser-based administration interface.
Webbased Administration interface
Preconfigured Onboard Firewall
The onboard firewall secures your Z1 system against unauthorized access. Access is only possible via defined ports and from specific IP addresses.
Preconfigured Onboard Firewall
High Availability Cluster
Cluster logic enables features such as high availability or the setup of security zones.
High Availability Cluster optional optional
Distributed Installation
Multiple virtual machines run all or certain Z1 SecureMail components on separate machines in different networks.
Distributed Installation optional
Mail server on-premises or cloud
All standard SMTP/TLS mail servers can be used On-Premises, in the Cloud, or in hybrid scenarios with Z1 SecureMail.
Mail server on-premises or cloud
Microsoft 365 (formerly Office 365)
Only for business packages with Exchange email servers. Microsoft’s own solution, Exchange Online Protection (EoP), as a complete antispam and antivirus solution, can be seamlessly combined with Z1 SecureMail.
Microsoft 365 (formerly Office 365)
Google Workspace (formerly G Suite)
Only for business packages that contain email routing options.
Google Workspace (formerly G Suite)
Standard interfaces for integration of 3rd party services
Systems for antispam & antivirus, data loss prevention, and archiving can be connected via standard interfaces.
Standard interfaces for integration of 3rd party services
IONOS Cloud
Check cloud server options at ionos.com e.g. Cloud Server RAM L max. 48 EUR/ month – price last checked, April 2024.
IONOS Cloud, RAM optimized: Cloud Server RAM L
Hetzner
See Cloud offers at hetzner.com e.g. Shared vCPU (x86) CX31.
Hetzner Cloud, Shared vCPU (x86) CX31 or higher
Microsoft Azure
For email processing, Z1 SecureMail needs to send to Port 25 of other mail servers. In many cases, sending to Port 25 can be opened through a Microsoft Azure support ticket. A prerequisite for this usually is a Microsoft Azure Enterprise Agreement. Please check the Microsoft Azure documentation for further information.
Microsoft Azure Microsoft Enterprise
Agreement needed
Microsoft Enterprise
Agreement needed
Zertificon manufacturer support German & English
Our own Zertificon in-house support team assists you in the optimal use of our Z1 solutions. We speak German and English. Technical support is offered for the current and previous versions of the software.
Zertificon manufacturer support German & English
Detailed Documentation
The manuals contain explanations of basic concepts and many step-by-step instructions. The documentation is available as online help and PDF. It is illustrated with numerous screenshots and schematic drawings for better understanding. The documentation is written in simple English.
Detailed Documentation
Z1 SecureMail ONE Self-Service
Z1 SecureMail ONE customer portal with help pages (manuals, FAQs, videos).
Z1 SecureMail ONE Self-Service
9/5 Ticket-based Zertificon Support
We respond to your online-created support tickets during regular office hours.
9/5 Ticket-based Zertificon Support
Service Hotline
You can reach our support by phone. Even with calls, further processing is transferred to our ticket system for better tracking.
Service Hotline
24/7-Support
Customers with 24/7 support receive fast response times even outside office hours.
24/7-Support optional optional
Individual SLAs
Individual Service Level Agreements (SLA) are available for Enterprise customers.
Individual SLAs optional

Do you have any questions?

For inquiries about Z1 SecureMail ONE please use this contact form.
For Z1 SecureMail Gateway or Enterprise inquiries please use our request form.

Company Details

Contact person

Data privacy notice

We will process your personal data as described in our privacy policy.

WordPress Cookie Plugin by Real Cookie Banner