Seeking POP3 E-mail encryption program - nothing needed to be installed on mail recipient's computer.

Posted on 2004-11-22
Last Modified: 2013-12-04
We are seeking a POP3 e-mail encryption program which meets HIPAA requirements.

Program needs to be easy to use by non-computer literate users - senders and recipients. Senders will be using Outlook. No Exchange server involved. Unknown e-mail client software for recipients.

Require nothing needed to be installed on the mail recipient's computer.

Cost is a factor but not a major factor if cost is app $60 or less per user. Prefer $20 or less per user.

Thank you,
Question by:DMVance
    LVL 49

    Expert Comment


    There are many available mainly for HIPAA. In our organisation (we are in Telehealth), we wanted a similar one like what you might be looking for and specifically for HIPAA and we are settling with product from

    We have also looked at PGP encryption.

    Author Comment


    This looks interesting. I passed the website info on to management. Thanks for the quick response.

    I'm still interested in hearing about other programs.

    I'm going to post a separate question about HIPAA requirements and Internet communications.

    Thank you,

    LVL 49

    Expert Comment


    What I have suggested might be one of the best programs around that is HIPAA compliant. You might want to look at PGP encryption as that is one of the most popular encryption software in the market.

    LVL 38

    Expert Comment

    by:Rich Rumble
    PGP is going to be used in all the products, as it's an open standard and really the best way to accomplish what you desire, which breaks down to cross-platform interoperability.

    60$ is not unreasonable for PGP, but for anything else... that's a real "scrooge" price. (If PGP from the manufacturer is too pricy, Outlook is able to do public/private key for free.)
    LVL 5

    Accepted Solution

    You don't need to install any additional programs to do this.

    If I interpret your question correctly, you want to encrypt the email while it travels through various mail servers so that only the sender and the recipient can read it.

    Whatever solution you choose will use a public/private key scheme. It is called this because the digital certificate issued has two parts - a public part you give to anyone, and a private part only used by the owner, and kept confidential.

    There is a unique relationship between the public and private keys - if you use one you need the other to do the decryption. In other words if I encrypt something with your public key even I cannot decrypt it (otherwise the rest of the world could too!), only the private key can decrypt the message.

    Because of this there are two modes of operation when using digital keys: Signing and Encrypting.

    When you sign a message it remains as plain text but a 'signature' is added to the message that was calculated using a special algorithm that always generates a unique value. This value is then encrypted using the Sender's private key.

    When they receive the message the special value is decrypted using the Sender's public key and the value recalculated. If the message has been tampered with in any way the value will be different and the Recipient will be told.

    This mode allows the message to be read by anyone but any tampering can be detected. It also requires the Recipient to have received the Sender's public key in a trusted manner. More on that later.

    The second mode is the one you require, Encryption.

    In this mode the entire contents of the entire message are encrypted using the Recipient's public key. After encryption even the Sender can't decrypt the message. Once it is received the Recipient decrypts the message using their private key.

    No one can read or tamper with the message en-route provided the private key is not compromised.

    So what is needed now is for the Sender and Recipient to swap the public portions of their digital signatures so they can encrypt to each other.

    For this organisations and public bodies operate Key Servers. These receive and store the public part of your digital signature so that anyone in communications with you can easily download and install it in their own certificate store.

    Various schemes operate for the exchange of keys, from passing it personally on floppy disk to having it on a public key server.

    The only issue in distribution is this: do you believe that the key you take to be the public key of the other party really came from them? There are some very simple measures for ensuring this. Very often the owner of a certificate will publish the digital fingerprint of their public key. This is just a string of unique values or words that the other party can check against the public key to ensure it's the same one.

    So to your specific scenario. Any email client software like Outlook will support the industry standard X.509 mechanism of formatting and using digital certificates. Therefore you already have all the software you need.

    What you need to do is issue digital certificates to each of your staff, and get the partner organisations to do the same with their email-enabled staff.

    Then you simply swap public keys.

    Now to who issues the digital certificates for your staff. Because you have a large organisation it makes sense to run your own Certificate Server. There is one built into Windows 2000/2003 Server.

    Then your users simply request a new key from that server. Doesn't cost you anything.

    The Key Server itself is called a Certificate Authority (CA), since it issues keys itself. So the next question is how can people be sure that the Certificate Authority is trusted?

    Well again it's quite simple. The CA needs to have its own public key known to email recipients.

    There are two ways to do this. The cheapest is simply to pass the public part of the CA's certificate to the email recipients but they would have to explicitly install it to each client PC as a CA key and confirm it is trusted.
    Doing it this way is cheap but takes a bit more time because the CA public key has to be trusted on each PC.

    The better way to do it is to have your CA's certificate signed by one of the big public Certificate Authorities such as Verisign/Thawte etc.

    Because every PC is shipped with the public key of these CAs already installed, then any key signed by that CA "root" key can be checked by the PC for validity without the user needing to do anything.

    In practice in your scenario this method would be best. The user would simply install the public key of their email buddies (which can be sent in email followed by checking the fingerprint against the published fingerprint) into their PC. Outlook handles this for you automatically.

    Because it's integrated into Outlook and the PC already you have no new applications to deploy, support or train for. Your external cost is limited to having your organisation's CA signed by a public CA.

    If you need any more advice or assistance let me know. It is a specialised area.
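
The two modes described in the answer above (signing and encryption), shown as an added example that is not part of the original post. It uses textbook RSA on constructed toy keys so the arithmetic is visible; real S/MIME in Outlook uses padded signatures, hybrid encryption and X.509 certificates, and the names and sample message here are assumptions for illustration.

```python
import hashlib

E = 65537

def make_keypair(p, q):
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)              # (public, private)

# Constructed toy keys from known Mersenne primes; far too small for real use.
SENDER_PUB, SENDER_PRIV = make_keypair(2**127 - 1, 2**89 - 1)
RECIP_PUB, RECIP_PRIV = make_keypair(2**107 - 1, 2**61 - 1)

def fingerprint(public):
    n, e = public  # short digest to compare against a published value
    return hashlib.sha256(f"{n}:{e}".encode()).hexdigest()[:16]

def _digest(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):
    """Signing mode: message stays readable, a check value is attached."""
    n, d = private
    return pow(_digest(message, n), d, n)

def verify(message, signature, public):
    n, e = public
    return pow(signature, e, n) == _digest(message, n)

def encrypt(message, public):
    """Encryption mode: only the holder of the matching private key can read."""
    n, e = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)

def decrypt(ciphertext, key):
    n, exp = key
    m = pow(ciphertext, exp, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

if __name__ == "__main__":
    msg = b"Lab result: negative"  # constructed sample message
    sig = sign(msg, SENDER_PRIV)
    print("signature valid:", verify(msg, sig, SENDER_PUB))
    print("tampered valid: ", verify(b"Lab result: positive", sig, SENDER_PUB))
    box = encrypt(msg, RECIP_PUB)
    print("recipient reads:", decrypt(box, RECIP_PRIV))
```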
