Email Encryption & Digital Signing

for large, medium and small businesses

from the leading manufacturer in Germany

Z1 SecureMail Gateway centrally applied email encryption for enterprises

Encrypt and Sign Confidential Emails

– easily at any time with anyone –

effective protection against economic and industrial espionage

Encrypt emails
Z1 SecureMail Gateway is highly automated, fail safe and encrypts emails faultlessly. Depending on the recipients capabilties, emails will be secured using PKI encryption or alternative secure delivery methods. You will be able to communicate securely no matter what. Your communication partners do not need to run a gateway and no special software needs to be installed. – all that’s needed is an email address.

Industrial espionage defense

Z1 SecureMail Gateway provides you with military grade encryption, enabling effective protection against industrial espionage and foreign governmental spy programs. Even if providers are obliged to pass your data to secret agencies all they can provide is illegible text: encrypted data.

Easy Mail Compliance

Don’t worry about personal liability in IT compliance issues. Centrally configurable security policies (Z1 Policies) make sure you don’t need to rely on the judgement of individual employees when dealing with highly sensitive information. You don’t even need to invest in any IT Security awareness training for confidential email exchange. With Z1 SecureMail Gateway policies there won’t be any compliance violations due to accidental misuse or forgotten encryption operations. All security actions are traceable through always-on logging and monitoring in the graphical administration web interface.

Maximum Email Security – Made in Germany

Z1 SecureMail Gateway utilizes open standards with the maximum possible key length, which are recognized and recommended by experts worldwide. It also utilizes common software such as the PDF format for secure delivery. You get maximum protection paired with efficiency and great usability, in a nutshell: State of the Art email encryption.
IT-Security Made in Germany encryption according to german data security standards

How does it work?

Centralized Email Encryption and Signature

Email encryption with Z1 SecureMail GatewayEach email is individually encrypted according to the recipient’s capabilities.
Z1 SecureMail Gateway integrates seamlessly into the existing email infrastructure as an SMTP proxy and processes the complete company-wide email traffic. It operates as a virtual mail room – processing incoming and preparing outgoing mail. The Z1 Gateway encrypts and signs outgoing mail whilst decrypting and validating the signature of incoming items. Suspicious emails are automatically blocked and the internal recipient informed. The complete mail processing is performed according to highly flexible “Z1 Policies” which can be fully configured using the web-based administration interface. Z1 Gateway works silently and transparently in the background. Sending and receiving emails remains the same for employees.

PKI and password based encryption

The Z1 Gateway is fully S/MIME and PGP compliant. For communication partners who don’t have a PKI, messages are delivered automatically using keyless password based encryption. When coupled with Z1 SecureMail End2End the Gateway solution delivers full state of the art End2End Encryption directly to employees and communication partners. Z1 Gateway is highly scalable and simple to integrate into existing email infrastructures with anti-spam and anti-virus solutions. The high-speed real-time processing and fail-over capabilities support mission critical environments & dovetail with business continuity planning.

Certificate and Key Management Challenge

automated Public key infrastructure management

Z1 SecureMail Gateway uses the popular worldwide PKI standards S/MIME and OpenPGP for email encryption and digital signing.

Z1 SecureMail Gateway automatically and centrally encrypts and decrypts all in- & outbound emails whilst at the same time managing all the keys for internal and external users. This solves the main challenge in the efficient operation of PKI based email encryption. For further information about keys and certificates download our White Paper: Secure email in times of rising mobile communication – Applied cryptography: Certificates, Gateways & End-to-End Encryption.

Internal Certificates and Keys

Managed PKI – obtain certificates automatically on demand

Certificates for internal users and domains can be obtained at all officially recognized Certificate Authorities. With our optionally available CA-Connector you can automate the purchase process with a selection of Certificate Authorities such as SwissSign or Comodo. This guarantees a professional and efficient certificate management. This one stop shop approach reduces your adminstration and accounting efforts. Keys for internal users can also be created and signed with the aid of the OnBoard CA. Existing keys can be simply imported and activated and used directly for encryption and/or digital signing. The Lifecycle management for keys and certificates is highly automated and efficient.
Automated Key Management

External Certificates and Keys

The integrated Z1 CertServer component independently performs the fetching, storing, validation and administration of certificates for all external communication partners. Z1 SecureMail Gateway is delivered with a predefined editable set of the most important Certificate Authorities and LDAP directories.

Keyless Encryption – Z1 Messenger

Encrypt emails with passwordExchanging encrypted emails usually requires a PKI with S/MIME or OpenPGP keys. This complex infrastructure isn’t necessarily available in all organizations and is rarely used by end-users. In such cases it is almost impossible to communicate securely by email. To meet this challenge, the Z1 SecureMail Gateway solution has been extended with the highly flexible Z1 Messenger component which uses automatic password based encryption to provide instantaneous secure email exchange with any recipient. The user friendly solution does not require any end-user software installation or plugins. All that is required is a browser and/or a PDF reader – basic software that’s installed not only on every desktop PC but also on mobile devices. The automatic password management incorporated into the solution fully replaces the need for end users to install complex PKI certificate and key management software. The result is high security, confidentiality and compliance conformity for organizations when communicating with end-users and members of the public.

Password Based Encryption: Delivery Methods

Z1 Messenger supports the following Push & Pull Technologies for password based email encryption:
  • Z1 WebSafe: Emails are delivered to the user via a HTTPS secured webmailer.
  • Z1 KickMail HTML: The email is delivered as an encrypted HTML attachment which is decrypted and viewed in the online webmail portal. Low server-side storage requirements whilst end users can manage their mails directly in their email client.
  • Z1 KickMail PDF: Emails are delivered as encrypted PDF files directly to the recipient. Decryption and viewing is performed fully on the client. Full PDF Look & Feel tailoring results in high user acceptance & trust.

Intuitive Usability

All password protected delivery methods are easy to use and ensure a fluid two-way communication by offering the possibility to send an encrypted response directly from the webmailer. Neither sender nor recipient need training for Z1 Messenger. All available delivery methods can be administered centrally. The external user can select his or her preferred delivery method from the user friendly web-based interface. For one-time communication, Z1 Messenger includes the slimline Accountless mode.
Z1 Messenger message thread Z1 Messenger user interface: message thread

High User Acceptance

…thanks to intuitive usability, Self-service portal and tailorable GUI The ease and transparency with which internal users can send encrypted emails to recipients with or without a PKI guarantees instant acceptance. External users feel confident receiving secure messages in their standard tools and with mature intuitive interfaces. Acceptance is strengthened by the ability of external users to select their delivery method and manage their messages either online or in their usual mailbox. External users are fully integrated into the password management system and are able to define their own passwords and recover their login credentials without any help-desk support. The end-user features can be fully configured from the administrator interface. The high user acceptance is underpinned with interfaces tailored to the corporate design and branding. The highly secure and user friendly communication tool is one of the main point of contacts for your clients and a great marketing tool.

Z1 Messenger-Extension “TeamEncryption”

TeamEncryption is the tool that allows you to set up a secure Z1 email infrastructure for an entire group which can contain an unlimited number of people who are not directly connected with your company. All individuals who received your encrypted email via Z1 Messenger can now exchange encrypted emails with all of the other recipients of your initial message.

TLS 1.2, VPN and De-Mail

Encrypted Channels for the secure transfer of email have become well established. A German technical guide from the ministry for security in information technology sets the minimum standard for federal agencies TLS 1.2. Z1 SecureMail Gateway supports TLS according to the current standard. Other encryption methods for secure channels for email transfer are supported. VPN Connections for continuous communication can be configured via the administration interface. German De-Mail customers can use our special optional extension De-Mail-Connector. This enables the use of Z1 SecureMail Gateway as a De-Mail Gateway. Zertificon is not a De-Mail Service Provider. Further information about De-Mail (only in German language) can be found here.
Coming soon

Z1 MyCrypt - optional client extension for all enduser mail clients and as App for mobile devices

Optional client extension for desktops & mobiles

With the Z1 MyCrypt client extension for Z1 SecureMail Gateway, users can very easily check the security status of emails before sending them and control processes within a pre-configured framework. The encryption and signing of an email is a simple click.

Z1 MyCrypt is available as an app, plug-in or add-in for popular operating systems and can be combined with common Mobile Management systems e.g. in BYOD scenarios (Bring Your Own Device).

Z1 MyCrypt for MS OutlookZ1 MyCrypt Mail for MS Outlook

Sign up for trust with digital email signatures

Digital signatures build up trust in digital communications. A signature proves that the email sender is the true origin of an mail and that the email has not been manipulated during transfer.

Digital Signatures in the Corporate World

By using a centralized secure email gateway, email signatures are easily and automatically added to each mail which leaves the company whilst incoming mail signatures are validated. The complete signing task takes place directly on the gateway and employees are informed should a mail arrive with an invalid signature or modified content. The processing of signatures is controlled centrally by easily configurable policies. It is possible for example to remove valid signatures from emails. And the complete email can simply be blocked if its signature is not valid.
SigningThe private key is used for signing.
Signature ValidationThe public key is used for validation.

Non-Repudiation – Proving who sent it!

An email signature gives emails a binding character as it is almost impossible for the true sender to deny that they are the source of a specific email. In addition, the time the message was sent and any changes to the content can all be proven at a later point in time. Digital signatures make a statement that has been sent in an email non-repudiable.

Alternative internal integrity checking

PDF signing integrated into Z1 SecureMail Gateway for inbound PDF fraud protection and simple verification with common PDF readers (e.g. Adobe Reader).

Protection from Phishing Attack & Email Manipulation

Phishing emails are fraudulent emails which are designed to trick the recipient into divulging sensitive information such as password or account details. Usually they are distributed with false sender details which are selected to abuse the trust the recipient has in the selected sender. Spear phishing is a more perfidious method which directly targets employees within an organization. Other types of email fraud attempt to intercept emails and to modify the content to the advantage of the criminal. Z1 SecureMail Gateway automates and executes the validation of incoming email signatures and provides the recipient with a warning should the email show signs of manipulation or be a potential phishing attack. The chance of being the victim of a phishing attack is significantly reduced when email signatures are used across the board and together with partners and clients.

Advanced Electronic Signature using Qualified Certificates

From a legal point of view, advanced signatures which are based upon qualified signatures are the same as signing a document by hand. For this reason, qualified signatures are only applied to documents. Digital email signatures are analogue to an envelope seal. Z1 SecureMail Gateway can automatically and centrally sign emails. Both digital email signatures as well as qualified signatures in attachments can be verified in inbound emails.

Z1 SecureMail Gateway at a glance:

Key functions:
  • Central email encryption and digital signing with PKI (S/MIME, OpenPGP )
  • Secure Delivery with keyless encryption using passwords
  • Self-Service user password management with customizable user front-end
  • Automatic key and certificate administration for users, group and domains
  • Automatic certificate search and real-time validation
  • Centrally configurable poilicies for compliance enforcement
  • Optional user commands
  • Gateway-to-Gateway encryption
  • Secure Transport via TLS and VPN
  • Flexible integration into all environments, including MS Office 365
  • Rapid installation within hours into standard infrastructures
  • Centralization of company-wide security policies
  • Transparent for internal users – no training required
  • Optimized Z1 Appliance Platform with full service
  • Minimum administration and maintenance.
  • Flexible scalability
  • High performance, load balancing and redundancy
  • Cluster capable
  • Multi-tenancy
  • Internal & End-to-End Encryption & digital signing
  • Synchronization with ERP directories e.g. Active Directory, Lotus Notes
  • Attachment processing including proprietary formats. e.g. EDI, CAD
  • Managed PKI – direct connection to Certificate Authorities
  • De-Mail and Governikus connection; further connections available on request
  • Integration of Hardware Security Modules (HSM)

Print Z1 SecureMail Gateway Overview:    Print Overview

easy email encryption gateway solution for small businesses - SMB / SME

Complete Email Encryption Solution for SMB/SME up to 50 Users

email encryptionWhether you are a doctor and need to send patient data securely via email or you are an attorney who needs to exchange sensitive data with clients and officials or if you are in contact with a large enterprise asking you to encrypt – with Z1 SecureMail Easy you found the right solution! Z1 SecureMail Easy is your secure communication solution for the electronic exchange of personal data according to the EU GDPR. For differences between “Easy” and Z1 SecureMail Gateway see our product comparison table.

Secure emails with business partners and end customers

With Z1 SecureMail Easy you write your emails as usual, but they automatically are delivered as password-encrypted PDFs that look like emails or alternatively via a secure Z1 Messenger email account. Z1 SecureMail Easy also features a confidential email answer functionality for your contacts.

To exchange emails with contacts who already use professional encryption solutions with S/MIME certificates or OpenPGP keys, choose Z1 SecureMail Easy with PKI technology.

Your advantages at a glance

  • confidential emails with business partners and end customers
  • compliant with EU General Data Protection Regulation
  • easy installation & administration
  • automated email encryption & decryption
  • automated signing & signature validation

Z1 SecureMail Easy – Minimum Technical Requirements

  • personal domain, no freemailer addresses (e.g. or
  • personal mail server either local (on-premise) or cloud-based (e.g. Microsoft Office 365 or Google G Suite) to set up routing
  • dedicated line / fixed IP address to use full range of functions (limited functionalities for DSL customers)

If you do not meet the minimum requirements yet, for a start we recommend Z1 CryptNow our free encryption tool for individual users.