Email Security with ZMAIL
Protect Yourself Online
The following describes the security measures that we take to protect your information on the Internet and how you can help to further protect yourself:
- SSL: ZMAIL uses standards-based Secure Sockets Layer (SSL) for secure transactions. SSL applies encryption between two communicating applications, such as at your PC and at our secure Internet server, authenticated at our server end. When your data is transmitted over the Internet, it is encrypted at the sending end and then decrypted at the receiving end. When using ZSENTRY Mail, make sure that the web addresses of the ZMAIL pages you use begin with "https://zsentry.com/" -- information exchanged with any address beginning with https is encrypted using SSL before transmission.
- Encryption: Encryption is a technology that allows secure transmittal of information by encoding the transmitted data using a mathematical formula that scrambles it. Without a corresponding "decoder" (decryption) the transmission looks like gibberish text and has no meaning. SSL encryption protects the transmission of data from one party to another, both ways. The sender encodes the data by scrambling it, then sends it on to the recipient. The recipient must decode the data with the correct "decoder" in order to be able to use the data.
- 128-bit Encryption: The effectiveness (or level of security) of encryption depends on several conditions. An important condition is measured in terms of how long the key is -- the longer the key, the longer it would take for someone without the correct "decoder" to break the code. The key size is measured in bits, and depends both on the server as well as on your browser. The ZMAIL server is capable of supporting 128-bit encryption, which is the level of encryption recommended for use with email, online business applications and ecommerce.
- Check Encryption and Key Size: You can check for yourself to verify the encryption and key size that your browser is using with ZMAIL, for example, when you see the ZMAIL page where you enter your registration information. Usually, the status bar (the status bar is at the very end of the browser window, ordinarily with a gray color) shows a closed padlock icon to indicate that SSL is active for that page. Additional information is also readily available. If you are using the MSFT Internet Explorer browser, place the mouse cursor over the padlock icon in the status bar . You should read the words "SSL Secured" and "128 bit", with your encryption strength in terms of key size. If you are using another browser, such as Netscape, Mozilla or FireFox, place the mouse cursor over the padlock icon in the status bar and double-click. You should see a window with the words "RC4" and "128 bit", showing the encryption strength in terms of key size.
- Data Vulnerability: ZMAIL does not have your login data or keys. You are the only holder of the login data that grants access to your account and allows your emails to be encrypted or decrypted. Your user keys literally do not exist until you log in again. Unless you login, no one can decrypt your encrypted data.
- ZMAIL PREMIUM Seal: ZMAIL solves the problem of authenticating the sender's email address, both for PREMIUM and BASIC users. For PREMIUM users, ZSENTRY Mail goes a step further and identifies messages sent by PREMIUM users with an encrypted PREMIUM Seal, visible to recipients after the message is decrypted. The PREMIUM SEAL links to additional security information about the sender when the recipient clicks on the PREMIUM Seal, helping the recipient verify the authenticity of the email received.
- Password: Try to make your password as unique as possible, but memorable to you. We suggest that your password should have at least 8 but no more than 20 characters, and must include at least one upper case letter, one lower case letter, one numeric digit, and one symbol found on the keyboard (any keyboard character not defined as a letter or numeral). Research shows that users chose passwords with control characters only 1.4% of the time, and punctuation and space characters less than 6% of the time. It is a good idea to write down your password and keep it somewhere safe, possibly in two different safe locations, not near your computer.
- ZSENTRY Password and Login Security: ZMAIL is not as dependent on password quality for login security, as conventional systems. However, it is recommended that ZSENTRY passwords should include at least one control or punctuation character. All of the characters !@#$%^&*()_-+=[]|\;:"?/,.< >`~' and space can be used in ZSENTRY passwords. With ZSENTRY technology, passwords are not at risk anywhere (not even encrypted or in digest form) and they are paired with an unpredictable ZSENTRY Usercode that is also not at risk anywhere. Therefore, a ZSENTRY password cannot be cracked by itself (unlike passwords in conventional systems) and would have to be guessed at the same time as the corresponding and extremely-hard-to-guess ZSENTRY Usercode. We encourage you to use a new password rather than one used for other accounts, that could be easily broken and then compromise your ZSENTRY password.
- No phishing. No spoofing. No spam. With its unique login technology, ZMAIL prevents spoofing of web sites, including spoofing of
the web site ZSENTRY.com. The ZSENTRY login looks like the usual username and password login, but in two screens. You do
not have to give your password unless you have a first proof that the website you reached is
allowed to process it. The first proof is provided by the Return Code (RC), a three-letter combination
(such as "BTP") that you receive when you register. When you verify that the three letters calculated by the website match exactly
the three letters of your RC, which you have not disclosed, you have the first proof that the
website is legitimate and can be trusted to process your ZSENTRY Password in order to authenticate you.
Matching the RC prevents spoofing, phishing and pharming, which
SSL alone cannot provide. Additional values that you have not disclosed are provided as proofs for your verification after you log in, including your name and email
address that must be correct on top of each page. In addition, every message, every sender and every recipient are authenticated every time. These are important and unique advantages of using ZMAIL, both for sending and receiving email, closing major channels for spam and preventing spoofing and phishing emails.
- Java, ActiveX controls: ZMAIL does not require Java or ActiveX controls stored in your computer by the server. Be careful with sites that use downloaded Java or ActiveX controls.
- How to Further Protect Yourself Online: There are simple steps you can take to further protect yourself from fraud while online. Verify the URL (web address) of the sites you visit. If you're on a secure site, it should start with https (the "s" indicates it is secured by SSL.) A padlock image also should appear at the bottom of your browser window. Install a firewall -- there are good free firewalls available for personal use. Install anti-virus software and update it regularly with the most current version. Use separate passwords and PINs for your Internet accounts and make them difficult for others to guess. To further protect your privacy, exit your browser after you logoff. Be careful when opening email messages, even if apparently sent by people you know; it is very easy to fake a sender's address in an email. Use email authentication and encryption with ZMAIL. Never send personal or financial information by email unless it is encrypted and authenticated (ZMAIL). Be careful when clicking on a link in an email, unless the email is authenticated with spoof-prevention (ZMAIL); otherwise it is very easy to be spoofed (a phishing email, for example).
- Additional Help: Review the security measures recommended by the Better Business Bureau, the U.S. Government and others at the following sites:
http://www.cert.org/tech_tips/securing_browser
http://www.nipc.gov/warnings/computertips.htm
http://www.bbb.org/alerts/article.asp?ID=153
http://iisw.cerias.purdue.edu/home_computing/topten.php
ZMAIL PREMIUM Seal -- verify the authenticity of email by clicking on the PREMIUM Seal.
TERMS OF SERVICE: The Terms Of Service are available through the
Support Help page.
ZMAIL Spoofing, Phishing, Pharming and Spam FAQ
Email Security Begins With The Login...
The contents of this entire site and domains zsentry.com are © Copyright, NMA Inc., 2006.
All rights reserved, worldwide. Titles and product names are trademarks
of NMA, Inc., including NMA, ZSENTRY, Return Code and ZMAIL. Patent
pending.