- Secure Business Email
- Solutions
- Z1 SecureMail Gateway
Z1 SecureMail ONE
Email encryption for Businesses - Plans & Pricing
Overview Z1 SecureMail products Z1 SecureMail Webinars
Introduction
Register now→
Email encryption
with Z1 SecureMail
Duration: < 1 h
- Z1 SecureMail Gateway
Use Cases- EU NIS2 Directive
Email encryption and supply chain security - Email Encryption in the Cloud
Azure / M365, Google Cloud / Workspace - Employment Agencies
S/MIME certificate automation - Email Gateway for Universities
GÉANT TCS certificate management - Secure patient data
Secure GDPR compliant data exchange - Success Stories
- References
Knowledge - Secure File Transfer
- AS4 Energy
- Solutions
- Z1 Energy
Message broker for the energy sector Energy Webinars
Communication
Register now→
in the energy sector
with Z1 Energy
Duration: < 45 min
- Z1 Energy
BenefitsMarket processes - Partner
- Company
- Company
- Support
- Jobs
Z1 SecureMail for companies of all sizes
Self-hosted on-premises or in the cloud, integrates easily with Microsoft 365
Z1 SecureMail
ONE
Gateway for SMB up to 100 users
- Encrypt and Sign
- S/MIME, OpenPGP, Password
- GDPR compliant
from 5,00 EUR user/month
Email certificates included
Z1 SecureMail
Gateway
same as Z1 SecureMail ONE, plus
- Optional multitenancy
- Optional high availability
- Choice of Certification Authorities
- Service hotline support
Z1 SecureMail
Enterprise
same as Z1 SecureMail Gateway, plus
- Project specific integrations
- Active/Passive Licensing
- 24×7 Enterprise Support
- Individual contracts & SLAs
Compare Z1 SecureMail products and plans
Features and Functions | Z1 SecureMail ONE Buy online |
Z1 SecureMail Gateway Request Offer |
Z1 SecureMail Enterprise Request Offer |
---|---|---|---|
Certificate-based Email encryption and signing | |||
Automated email encryption/decryption using S/MIME or OpenPGP
Confidential, encrypted, and compliant business communication with contacts who provide certificates or keys. S/MIME and OpenPGP are supported.
|
|||
Automated email encryption/decryption using S/MIME or OpenPGP | |||
Digital Signing for outgoing emails
Outgoing emails are automatically digitally signed based on certificates. Digital signatures build trust in digital communication. Your contacts can verify the email signatures to determine if the message truly comes from you and whether the content has been altered..
|
|||
Digital Signing for outgoing emails | |||
Signature validation for incoming emails
The digital signatures of incoming emails are verified. The result of the verification is appended to the original email sent to the recipient in your company. This allows your employees to immediately determine the trustworthiness of each email they receive.
|
|||
Signature validation for incoming emails | |||
Keyless/password-based email encryption | |||
Secure webmailer in your corporate design
Emails are encrypted and delivered to a secure HTTPS webmailer that you operate within your own infrastructure through Z1 SecureMail. The email recipient receives a notification to their standard mailbox for each newly incoming email. A reply function is included in the webmailer. The user interface can be easily customized to your corporate design using a special Theme Editor, even without HTML and CSS knowledge.
|
|||
Secure webmailer in your corporate design | optional | optional | |
Delivery as encrypted PDF attachment
Emails are converted into PDF files and then transmitted to the recipients’ mailboxes. There is no storage on your server. The design of the PDF template is customizable to your corporate design.
|
|||
Delivery as encrypted PDF attachment | — | optional | optional |
Several account-activation methods
Accounts are automatically created for recipients of password-encrypted emails. Activation of the account by recipients can occur at various security levels, and 2-factor authentication is supported.
|
|||
Several account-activation methods | — | optional | optional |
Accountless Mode
With the Accountless Mode, you can use encrypted emails without recipients having to register. Each message is protected with a one-time password. Additional messages receive new passwords. This allows important documents to be sent in compliance with data protection at longer intervals without the need to keep an account active. You can choose to use the Accountless Mode with or without the option for a reply.
|
|||
Accountless Mode | — | optional | optional |
Debranding
Upon logging into the webmail account, your communication partner can discreetly recognize that you are using our solution through a subtle Zertificon logo. This logo can be hidden with appropriate licensing.
|
|||
Debranding | — | optional | optional |
Management of own keys and certificates | |||
Number of Domains/Subdomains
The number of your own domains or subdomains that you can manage in a Z1 product is limited to five in the Z1 SecureMail ONE product. For other Z1 SecureMail products, the number of domains or subdomains is individually negotiated.
|
|||
Number of Domains/Subdomains | 5 included | optional | optional |
Domain validation
Guided process for domain validation with the corresponding trust centers.
|
|||
Domain validation | optional | optional | |
S/MIME X.509 certificate procurement
We maintain longstanding partnerships with various trust centers and enjoy special reseller conditions, from which you can also benefit. Take advantage of getting solutions and services from a single source – for more information, visit Trustcenter Partnerships.
|
|||
S/MIME X.509 certificate procurement | user certificates included | optional | optional |
Automated X.509 key and certificate creation for new users
Keys and certificates are automatically issued for all licensed users. No manual input is required for issuing user keys and certificates when onboarding new employees.
|
|||
Automated X.509 key and certificate creation for new users | optional | optional | |
Onboard OpenPGP key generator
OpenPGP keys can be generated directly in the system.
|
|||
Onboard OpenPGP key generator | |||
Automated OpenPGP key creation for new users
For every newly created user, an OpenPGP key is automatically generated.
|
|||
Automated OpenPGP key creation for new users | optional | optional | |
Central OpenPGP signer key
All OpenPGP keys created by you are counter-signed with your company’s central signing key. This makes your keys easily recognizable as trustworthy for third parties.
|
|||
Central OpenPGP signer key | |||
Lifecycle management for keys & certificates
For keys and certificates issued with Z1 SecureMail products, the management of the entire certificate lifecycle is automated. You don’t need to note any dates to manually create and publish new keys.
|
|||
Lifecycle management for keys & certificates | |||
Automated key & certifcate publishing
Your public OpenPGP keys and S/MIME certificates are automatically published on the certificate portal Z1 Global TrustPoint right after creation. Simply refer your contacts there and save time on manual key exchange. If your contacts also use Z1 products, the key exchange happens fully automatically on both sides. All Z1 SecureMail products are connected to Z1 Global TrustPoint.
|
|||
Automated key & certifcate publishing | |||
HSM support
Support for the integration of selected third-party Hardware Security Modules (HSMs) for storing private keys.
|
|||
HSM support | — | optional | optional |
Management of your communication partner’s keys and certificates | |||
Automated search and storage of certificates and public keys
Public keys and certificates from business partners and customers are automatically retrieved via Z1 Global TrustPoint. Certificates and CA key chains contained in signed email messages are automatically extracted and stored from email traffic.
|
|||
Automated search and storage of certificates and public keys | |||
Automated real time validation of S/MIME certificates
Certificates from business partners and customers are automatically validated. Certificate revocation lists (CRLs) of the issuing trust centers are checked, and the Online Certificate Status Protocol (OCSP) is used if necessary.
|
|||
Automated real time validation of S/MIME certificates | |||
Trust process for external OpenPGP keys
Since there are no OpenPGP certification authorities, you need to verify and decide whether to trust PGP keys sent or found in directory services. To use PGP keys stored in Z1 Global TrustPoint, you are offered an acceptance option with the notification.
|
|||
Trust process for external OpenPGP keys | |||
Security functions | |||
Central rules for encryption and signing
Configure rule-based policies – ‘Z1 SecureMail Policies’ – for the central control of email message encryption and signing for all email addresses in your company. Compliance with regulations, such as GDPR, can be easily enforced throughout the entire company.
|
|||
Central rules for encryption and signing | |||
Blocking and alerting for suspiciuos emails
Automatic warnings for faulty signatures or invalid certificates are enabled by default. You can optionally block suspicious messages.
|
|||
Blocking and alerting for suspiciuos emails | |||
Allow user actions via subject line commands
User commands entered in the subject line allow the sender to trigger actions such as ‘Encrypt’ or ‘Sign’ for individual emails.
|
|||
Allow user actions via subject line commands | |||
Client plugin Z1 MyCrypt Mail
The Z1 SecureMail Add-in for Microsoft Outlook reduces the activation of email encryption and signature to a single click. Depending on the email content, your employees can decide on the respective security standard of an email.
|
|||
Client plugin Z1 MyCrypt Mail | — | optional | optional |
Client-based end-to-end-encryption | |||
Encrypted email in your own company network
Choose or combine: Organizational end-to-end encryption with re-encryption on the gateway with a dedicated PKI for internal use OR Personal end-to-end encryption meaning the gateway cannot access the email content. The client plugin is optional.
|
|||
Encrypted email in your own company network | — | — | optional |
Disclaimer Management / Central Email Signatures | |||
Automated embedding of email sign off area with contacts details, disclaimers or event info
Central configuration for the automated insertion of text blocks such as a signature in the footer of an email with contact details, logo, liability, or event information. Inclusion of text blocks is set based on sender or recipient address, group membership, or domain name.
|
|||
Automated embedding of email sign off area with contacts details, disclaimers or event info | |||
Email Volume | |||
Shared email volume
The volume of all incoming and outgoing emails is shared across the entire user base. If a user sends or receives less, other users can consume this free volume. With the maximum licensing of 100 users, Z1 SecureMail ONE has a maximum volume of 300,000 emails per month. You can view your consumption status at any time in the administration interface. You will also receive email notifications well before reaching the limit. Then you have the option to add additional volume via the customer portal within minutes.
|
|||
Shared email volume | 3.000 emails/ user/ month | — | — |
High email volume
Licensed users can exceed the standard email volume of 3,000 emails/user/month. An initial estimate of the email volume is billed with advance payments. A monthly volume report is generated and usually billed quarterly based on consumption.
|
|||
High email volume | — | optional | optional |
Multi tenancy | |||
Multiple tenants on one Z1 system
Operation of multiple customer organizations with independent configurations in one system. Multiple tenants can be managed with their own policies, administrator rights and roles, dedicated monitoring, and separate log files.
|
|||
Multiple tenants on one Z1 system | — | optional | optional |
User Management | |||
Active/Passive Licenses
For users with Active licenses, personal certificates are issued. Users with Active licenses have access to all features. Z1 SecureMail ONE exclusively includes Active licenses. Passive licenses are limited to the use of domain certificates. They allow the reception of encrypted emails when encrypted with a domain certificate. No user certificates are issued for Passive users. Active encryption of emails is not possible. Users with Passive licenses also cannot send password-encrypted emails.
|
|||
Active/Passive Licenses | — | optional | optional |
Bulk import per CSV
Users and functional addresses can be exported from other directories and then imported into Z1 SecureMail as a CSV file.
|
|||
Bulk import per CSV | |||
Directory Connector
Automatic import of users/groups from Active Directory (AD) and LDAP directories.
|
|||
Directory Connector | — | optional | |
Operating System & Administration | |||
Standard Virtualization environments: VMware/vSphere, Citrix XenServer, Microsoft Hyper-V, Proxmox
Common virtualization environments for enterprises are supported in the current versions.
|
|||
Standard Virtualization environments: VMware/vSphere, Citrix XenServer, Microsoft Hyper-V, Proxmox | |||
On-Premises or Cloud
Z1 SecureMail is delivered as an ISO file. This is installed either On-Premises or in the Cloud on a virtual machine.
|
|||
On-Premises or Cloud | |||
Hardened Linux Debian operating system
Debian Linux as the operating system has been reduced to essential functions for operating our software. Unnecessary ports have been closed. Restrictive rights and system policies apply.
|
|||
Hardened Linux Debian operating system | |||
Z1 Appliance Management Software
Updates and standard configurations for the Z1 system are managed through the Z1 Appliance Management Software.
|
|||
Z1 Appliance Management Software | |||
Software- and Security updates
New software and security updates are displayed in the admin interface and can be installed with a click.
|
|||
Software- and Security updates | |||
Webbased Administration interface
All standard configurations can be made in the easy-to-use, browser-based administration interface.
|
|||
Webbased Administration interface | |||
Preconfigured Onboard Firewall
The onboard firewall secures your Z1 system against unauthorized access. Access is only possible via defined ports and from specific IP addresses.
|
|||
Preconfigured Onboard Firewall | |||
High Availability Cluster
Cluster logic enables features such as high availability or the setup of security zones.
|
|||
High Availability Cluster | — | optional | optional |
Distributed Installation
Multiple virtual machines run all or certain Z1 SecureMail components on separate machines in different networks.
|
|||
Distributed Installation | — | — | optional |
Supported Email Infrastructures | |||
Mail server on-premises or cloud
All standard SMTP/TLS mail servers can be used On-Premises, in the Cloud, or in hybrid scenarios with Z1 SecureMail.
|
|||
Mail server on-premises or cloud | |||
Microsoft 365 (formerly Office 365)
Only for business packages with Exchange email servers. Microsoft’s own solution, Exchange Online Protection (EoP), as a complete antispam and antivirus solution, can be seamlessly combined with Z1 SecureMail.
|
|||
Microsoft 365 (formerly Office 365) | |||
Google Workspace (formerly G Suite)
Only for business packages that contain email routing options.
|
|||
Google Workspace (formerly G Suite) | |||
Standard interfaces for integration of 3rd party services
Systems for antispam & antivirus, data loss prevention, and archiving can be connected via standard interfaces.
|
|||
Standard interfaces for integration of 3rd party services | |||
Tested Hosting Providers | |||
IONOS Cloud
Check cloud server options at ionos.com e.g. Cloud Server RAM L max. 48 EUR/ month – price last checked, April 2024.
|
|||
IONOS Cloud, RAM optimized: Cloud Server RAM L | |||
Hetzner
See Cloud offers at hetzner.com e.g. Shared vCPU (x86) CX31.
|
|||
Hetzner Cloud, Shared vCPU (x86) CX31 or higher | |||
Microsoft Azure
For email processing, Z1 SecureMail needs to send to Port 25 of other mail servers. In many cases, sending to Port 25 can be opened through a Microsoft Azure support ticket. A prerequisite for this usually is a Microsoft Azure Enterprise Agreement. Please check the Microsoft Azure documentation for further information.
|
|||
Microsoft Azure | — | Microsoft Enterprise Agreement needed |
Microsoft Enterprise Agreement needed |
Customer Service | |||
Zertificon manufacturer support German & English
Our own Zertificon in-house support team assists you in the optimal use of our Z1 solutions. We speak German and English. Technical support is offered for the current and previous versions of the software.
|
|||
Zertificon manufacturer support German & English | |||
Detailed Documentation
The manuals contain explanations of basic concepts and many step-by-step instructions. The documentation is available as online help and PDF. It is illustrated with numerous screenshots and schematic drawings for better understanding. The documentation is written in simple English.
|
|||
Detailed Documentation | |||
Z1 SecureMail ONE Self-Service
Z1 SecureMail ONE customer portal with help pages (manuals, FAQs, videos).
|
|||
Z1 SecureMail ONE Self-Service | — | — | |
9/5 Ticket-based Zertificon Support
We respond to your online-created support tickets during regular office hours.
|
|||
9/5 Ticket-based Zertificon Support | |||
Service Hotline
You can reach our support by phone. Even with calls, further processing is transferred to our ticket system for better tracking.
|
|||
Service Hotline | — | ||
24/7-Support
Customers with 24/7 support receive fast response times even outside office hours.
|
|||
24/7-Support | — | optional | optional |
Individual SLAs
Individual Service Level Agreements (SLA) are available for Enterprise customers.
|
|||
Individual SLAs | — | — | optional |