[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Seeking POP3 E-mail encryption program - nothing needed to be installed on mail recipient's computer.

Posted on 2004-11-22
Medium Priority
Last Modified: 2013-12-04
We are seeking a POP3 e-mail encryption program which meets HIPPA requirements.

Program needs to be easy to use by non-computer literate users - senders and recipients. Senders will be using be using Outlook. No Exchange server involved. Unknown e-mail client software for recipients.

Require nothing needed to be installed on the mail recipient's computer.

Cost is a factor but not a major factor if cost is app $60 or less per user. Prefer $20 or less per user.

Thank you,
Question by:DMVance
LVL 49

Expert Comment

ID: 12651122

There are many available mainly for HIPPA. In our organisation (we are in Telehealth) , we wanted similar one like what you might be looking for and specifically for HIPPA and we are settling with product from

We have also looked at PGP encrytion.

Author Comment

ID: 12651263

This looks interesting. I passed the website info on to management. Thanks for the quick response.

I'm still interested to hearing about other programs.

I'm going to post a separate question about HIPPA requirements and Internet communications.

Thank you,

LVL 49

Expert Comment

ID: 12651265

what I have suggested might be one of the best programs around that is HIPPA complaint. You might want to look at PGP encryption as that is one of the most popular encryption software in the market.

LVL 38

Expert Comment

by:Rich Rumble
ID: 12653991
PGP is going to be used in all the products, as it's an open standard and really the best way to accomplish what you desire, which breaks down to cross-platform interopeability.

60$ is not unreasonable for PGP, but for anything else... that's a real "scrouge" price.
http://www.pgp.com/ (if pgp from the manufacturer is too pricy, outlook is able to do public/private key for free)

Accepted Solution

TJworld earned 2000 total points
ID: 12663260
You don't need to install any additional programs to do this.

If i interpret your question correctly, you want to encrypt the email while it travels through various mail servers so that only the sender and the recipient can read it.

Whatever solution you choose will use a public/private key scheme. It is called this because the digital certificate issued has two parts - a public part you give to anyone, and a private part only used by the owner, and kept confidential.

There is a unique relationship between the public and private keys - if you use one you need the other to do the decryption. In other words if I encrypt something with your public key even i cannot decrypt (otherwise the rest of the world could too!), only the private key can decrypt the message.

Because of this there are two modes of operation when using digital keys: Signing and Encrypting.

When you sign a message it remains as plain text but a 'signature' is added to the message that was calculated using a special algorithm that always generates a unique value. This value is then encyprted using the Senders private key.

When they receive the message the special value is decrypted using the Senders public key and the value recalculated. If the message has been tampered with in any way the value will be different and the Recipient will be told.

This mode allows the message to be read by anyone but any tampering can be detected. It also requires the Recepient to have received the Sender's public key in a trusted manner. More on that later.

The second mode is the one you require, Encryption.

In this mode the entire contents of the entire message are encrypted using the Recipients public key. After encryption even the Sender can't decrypt the message. Once it is received the Recipient decrypts the message using their private key.

No one can read or tamper with the message en-route provided the private key is not compromised.

So what is needed now is for the Sender and Recipient to swap the public portions of their digital signatures so they can encrypt to each other.

For this organisations and public bodies operate Key Servers. These receive and store the public part of your digital signature so that anyone in communications with you can easily download and install it in their own certificate store.

Various schemes operate for the exchange of keys, from passing it personally on floppy disk to having it on a public key server.

The only issue in distribution is this: do you believe that the key you take to be the public key of the other party really came from them? There are some very simple measures for ensuring this. Very often the owner of a certifcate will publish the digital fingerprint of their public key. This is just a string of unique values or words that the other party can check against the public key to ensure its the same one.

So to your specific scenario. Any email client software like Outlook will support the industry standard X.509 mechanism of formatting and using digital certifcates. Therefore you already have all the software you need.

What you need to do is issue digital certificates to each of your staff, and get the partner organisations to do the same with their email-enabled staff.

Then you simply swap public keys.

Now to who issues the digital certificates for your staff. Because you have a large organisation it makes sense to run your own Certificate Server. There is one built into Windows 2000/2003 Server.

Then your users simply request a new key from that server. Doesn't cost you anything.

The Key Server itself is called a Certifcate Authority (CA), since it issues keys itself. So the next question is how can people be sure that the Certificate Authority is trusted?

Well again its quite simple. The CA needs to have its own public key known to email recipients.

There are two ways to do this. The cheapest is simply to pass the public part of the CAs certificate to the email recipients but they would have to explicity install it to each client PC as a CA key and comfirm it is trusted.
Doing it this way is cheap but takes a bit more time because the CA public key has to be trusted on each PC.

The better way to do it is to have your CA's certificate signed by one of the big public Certificate Authorities such as Verisign/Thwate etc.

Because every PC is shipped with the public key of these CAs already installed, then any key signed by that CA "root" key can be checked by the PC for validity without the user needing to do anything.

In practice in your scenario this method would be best. The user would simply install the public key of their email buddies (which can be sent in email followed by checking the fingerprint against the published fingerprint) into their PC. Outlook handles this for you automatically.

Because it's integrated into Outlook and the PC already you have no new applications to deploy support or train for. your external cost is limited to having your organisations CA signed by a public CA.

If you need any more advice or assistance let me know. It is a specialised area.

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
In 2017, ransomware will become so virulent and widespread that if you aren’t a victim yourself, you will know someone who is.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question