Z1 SecureMail for companies of all sizes

Automated email encryption/decryption using S/MIME or OpenPGP

Confidential, encrypted, and compliant business communication with contacts who provide certificates or keys. S/MIME and OpenPGP are supported.

Digital Signing for outgoing emails

Outgoing emails are automatically digitally signed based on certificates. Digital signatures build trust in digital communication. Your contacts can verify the email signatures to determine if the message truly comes from you and whether the content has been altered..

Signature validation for incoming emails

The digital signatures of incoming emails are verified. The result of the verification is appended to the original email sent to the recipient in your company. This allows your employees to immediately determine the trustworthiness of each email they receive.

Secure webmailer in your corporate design

Emails are encrypted and delivered to a secure HTTPS webmailer that you operate within your own infrastructure through Z1 SecureMail. The email recipient receives a notification to their standard mailbox for each newly incoming email. A reply function is included in the webmailer. The user interface can be easily customized to your corporate design using a special Theme Editor, even without HTML and CSS knowledge.

Delivery as encrypted PDF attachment

Emails are converted into PDF files and then transmitted to the recipients’ mailboxes. There is no storage on your server. The design of the PDF template is customizable to your corporate design.

Several account-activation methods

Accounts are automatically created for recipients of password-encrypted emails. Activation of the account by recipients can occur at various security levels, and 2-factor authentication is supported.

Accountless Mode

With the Accountless Mode, you can use encrypted emails without recipients having to register. Each message is protected with a one-time password. Additional messages receive new passwords. This allows important documents to be sent in compliance with data protection at longer intervals without the need to keep an account active. You can choose to use the Accountless Mode with or without the option for a reply.

Debranding

Upon logging into the webmail account, your communication partner can discreetly recognize that you are using our solution through a subtle Zertificon logo. This logo can be hidden with appropriate licensing.

Number of Domains/Subdomains

The number of your own domains or subdomains that you can manage in a Z1 product is limited to five in the Z1 SecureMail ONE product. For other Z1 SecureMail products, the number of domains or subdomains is individually negotiated.

Domain validation

Guided process for domain validation with the corresponding trust centers.

S/MIME X.509 certificate procurement

We maintain longstanding partnerships with various trust centers and enjoy special reseller conditions, from which you can also benefit. Take advantage of getting solutions and services from a single source – for more information, visit Trustcenter Partnerships.

Automated X.509 key and certificate creation for new users

Keys and certificates are automatically issued for all licensed users. No manual input is required for issuing user keys and certificates when onboarding new employees.

Onboard OpenPGP key generator

OpenPGP keys can be generated directly in the system.

Automated OpenPGP key creation for new users

For every newly created user, an OpenPGP key is automatically generated.

Central OpenPGP signer key

All OpenPGP keys created by you are counter-signed with your company’s central signing key. This makes your keys easily recognizable as trustworthy for third parties.

Lifecycle management for keys & certificates

For keys and certificates issued with Z1 SecureMail products, the management of the entire certificate lifecycle is automated. You don’t need to note any dates to manually create and publish new keys.

Automated key & certifcate publishing

Your public OpenPGP keys and S/MIME certificates are automatically published on the certificate portal Z1 Global TrustPoint right after creation. Simply refer your contacts there and save time on manual key exchange. If your contacts also use Z1 products, the key exchange happens fully automatically on both sides. All Z1 SecureMail products are connected to Z1 Global TrustPoint.

HSM support

Support for the integration of selected third-party Hardware Security Modules (HSMs) for storing private keys.

Automated search and storage of certificates and public keys

Public keys and certificates from business partners and customers are automatically retrieved via Z1 Global TrustPoint. Certificates and CA key chains contained in signed email messages are automatically extracted and stored from email traffic.

Automated real time validation of S/MIME certificates

Certificates from business partners and customers are automatically validated. Certificate revocation lists (CRLs) of the issuing trust centers are checked, and the Online Certificate Status Protocol (OCSP) is used if necessary.

Trust process for external OpenPGP keys

Since there are no OpenPGP certification authorities, you need to verify and decide whether to trust PGP keys sent or found in directory services. To use PGP keys stored in Z1 Global TrustPoint, you are offered an acceptance option with the notification.

Central rules for encryption and signing

Configure rule-based policies – ‘Z1 SecureMail Policies’ – for the central control of email message encryption and signing for all email addresses in your company. Compliance with regulations, such as GDPR, can be easily enforced throughout the entire company.

Blocking and alerting for suspiciuos emails

Automatic warnings for faulty signatures or invalid certificates are enabled by default. You can optionally block suspicious messages.

Allow user actions via subject line commands

User commands entered in the subject line allow the sender to trigger actions such as ‘Encrypt’ or ‘Sign’ for individual emails.

Client plugin Z1 MyCrypt Mail

The Z1 SecureMail Add-in for Microsoft Outlook reduces the activation of email encryption and signature to a single click. Depending on the email content, your employees can decide on the respective security standard of an email.

Encrypted email in your own company network

Choose or combine: Organizational end-to-end encryption with re-encryption on the gateway with a dedicated PKI for internal use OR Personal end-to-end encryption meaning the gateway cannot access the email content. The client plugin is optional.

Automated embedding of email sign off area with contacts details, disclaimers or event info

Central configuration for the automated insertion of text blocks such as a signature in the footer of an email with contact details, logo, liability, or event information. Inclusion of text blocks is set based on sender or recipient address, group membership, or domain name.

Shared email volume

The volume of all incoming and outgoing emails is shared across the entire user base. If a user sends or receives less, other users can consume this free volume. With the maximum licensing of 100 users, Z1 SecureMail ONE has a maximum volume of 300,000 emails per month. You can view your consumption status at any time in the administration interface. You will also receive email notifications well before reaching the limit. Then you have the option to add additional volume via the customer portal within minutes.

High email volume

Licensed users can exceed the standard email volume of 3,000 emails/user/month. An initial estimate of the email volume is billed with advance payments. A monthly volume report is generated and usually billed quarterly based on consumption.

Multiple tenants on one Z1 system

Operation of multiple customer organizations with independent configurations in one system. Multiple tenants can be managed with their own policies, administrator rights and roles, dedicated monitoring, and separate log files.

Active/Passive Licenses

For users with Active licenses, personal certificates are issued. Users with Active licenses have access to all features. Z1 SecureMail ONE exclusively includes Active licenses. Passive licenses are limited to the use of domain certificates. They allow the reception of encrypted emails when encrypted with a domain certificate. No user certificates are issued for Passive users. Active encryption of emails is not possible. Users with Passive licenses also cannot send password-encrypted emails.

Bulk import per CSV

Users and functional addresses can be exported from other directories and then imported into Z1 SecureMail as a CSV file.

Directory Connector

Automatic import of users/groups from Active Directory (AD) and LDAP directories.

Standard Virtualization environments: VMware/vSphere, Citrix XenServer, Microsoft Hyper-V, Proxmox

Common virtualization environments for enterprises are supported in the current versions.

On-Premises or Cloud

Z1 SecureMail is delivered as an ISO file. This is installed either On-Premises or in the Cloud on a virtual machine.

Hardened Linux Debian operating system

Debian Linux as the operating system has been reduced to essential functions for operating our software. Unnecessary ports have been closed. Restrictive rights and system policies apply.

Z1 Appliance Management Software

Updates and standard configurations for the Z1 system are managed through the Z1 Appliance Management Software.

Software- and Security updates

New software and security updates are displayed in the admin interface and can be installed with a click.

Webbased Administration interface

All standard configurations can be made in the easy-to-use, browser-based administration interface.

Preconfigured Onboard Firewall

The onboard firewall secures your Z1 system against unauthorized access. Access is only possible via defined ports and from specific IP addresses.

High Availability Cluster

Cluster logic enables features such as high availability or the setup of security zones.

Distributed Installation

Multiple virtual machines run all or certain Z1 SecureMail components on separate machines in different networks.

Mail server on-premises or cloud

All standard SMTP/TLS mail servers can be used On-Premises, in the Cloud, or in hybrid scenarios with Z1 SecureMail.

Microsoft 365 (formerly Office 365)

Only for business packages with Exchange email servers. Microsoft’s own solution, Exchange Online Protection (EoP), as a complete antispam and antivirus solution, can be seamlessly combined with Z1 SecureMail.

Google Workspace (formerly G Suite)

Only for business packages that contain email routing options.

Standard interfaces for integration of 3rd party services

Systems for antispam & antivirus, data loss prevention, and archiving can be connected via standard interfaces.

1&1 Ionos

See the VServer/VPS offers at ionos.com e.g. Cloud Server RAM L max. 48 EUR/ month – price last checked, April 2024..

Hetzner

See Cloud offers at hetzner.com.

Microsoft Azure

For email processing, Z1 SecureMail needs to send to Port 25 of other mail servers. In many cases, sending to Port 25 can be opened through a Microsoft Azure support ticket. A prerequisite for this usually is a Microsoft Azure Enterprise Agreement. Please check the Microsoft Azure documentation for further information.

Zertificon manufacturer support German & English

Our own Zertificon in-house support team assists you in the optimal use of our Z1 solutions. We speak German and English. Technical support is offered for the current and previous versions of the software.

Detailed Documentation

The manuals contain explanations of basic concepts and many step-by-step instructions. The documentation is available as online help and PDF. It is illustrated with numerous screenshots and schematic drawings for better understanding. The documentation is written in simple English.

Z1 SecureMail ONE Self-Service

Z1 SecureMail ONE customer portal with help pages (manuals, FAQs, videos).

9/5 Ticket-based Zertificon Support

We respond to your online-created support tickets during regular office hours.

Service Hotline

You can reach our support by phone. Even with calls, further processing is transferred to our ticket system for better tracking.

24/7-Support

Customers with 24/7 support receive fast response times even outside office hours.

Individual SLAs

Individual Service Level Agreements (SLA) are available for Enterprise customers.