Seeking POP3 e-mail encryption program - nothing needed to be installed on mail recipient's computer.

We are seeking a POP3 e-mail encryption program which meets HIPAA requirements.

Program needs to be easy to use by non-computer-literate users - senders and recipients. Senders will be using Outlook. No Exchange server involved. Unknown e-mail client software for recipients.

Require nothing needed to be installed on the mail recipient's computer.

Cost is a factor but not a major factor if cost is approximately $60 or less per user. Prefer $20 or less per user.

Thank you,
There are many available, mainly for HIPAA. In our organisation (we are in Telehealth), we wanted a similar one like what you might be looking for, specifically for HIPAA, and we are settling with the product from

We have also looked at PGP encryption.

DMVance (Author) commented:

This looks interesting. I passed the website info on to management. Thanks for the quick response.

I'm still interested in hearing about other programs.

I'm going to post a separate question about HIPAA requirements and Internet communications.

Thank you,


What I have suggested might be one of the best programs around that is HIPAA compliant. You might want to look at PGP encryption, as that is one of the most popular encryption software packages in the market.

Rich Rumble (Security Samurai) commented:
PGP is going to be used in all the products, as it's an open standard and really the best way to accomplish what you desire, which breaks down to cross-platform interoperability.

$60 is not unreasonable for PGP, but for anything else... that's a real "scrooge" price. (If PGP from the manufacturer is too pricey, Outlook is able to do public/private key for free.)
You don't need to install any additional programs to do this.

If I interpret your question correctly, you want to encrypt the email while it travels through various mail servers so that only the sender and the recipient can read it.

Whatever solution you choose will use a public/private key scheme. It is called this because the digital certificate issued has two parts - a public part you give to anyone, and a private part only used by the owner, and kept confidential.

There is a unique relationship between the public and private keys - if you use one you need the other to do the decryption. In other words, if I encrypt something with your public key even I cannot decrypt it (otherwise the rest of the world could too!); only the private key can decrypt the message.

Because of this there are two modes of operation when using digital keys: Signing and Encrypting.

When you sign a message it remains as plain text but a 'signature' is added to the message that was calculated using a special algorithm that always generates a unique value. This value is then encrypted using the Sender's private key.

When they receive the message the special value is decrypted using the Sender's public key and the value recalculated. If the message has been tampered with in any way the value will be different and the Recipient will be told.

This mode allows the message to be read by anyone but any tampering can be detected. It also requires the Recipient to have received the Sender's public key in a trusted manner. More on that later.

The second mode is the one you require, Encryption.

In this mode the entire contents of the message are encrypted using the Recipient's public key. After encryption even the Sender can't decrypt the message. Once it is received the Recipient decrypts the message using their private key.

No one can read or tamper with the message en-route provided the private key is not compromised.

So what is needed now is for the Sender and Recipient to swap the public portions of their digital signatures so they can encrypt to each other.

For this organisations and public bodies operate Key Servers. These receive and store the public part of your digital signature so that anyone in communications with you can easily download and install it in their own certificate store.

Various schemes operate for the exchange of keys, from passing it personally on floppy disk to having it on a public key server.

The only issue in distribution is this: do you believe that the key you take to be the public key of the other party really came from them? There are some very simple measures for ensuring this. Very often the owner of a certificate will publish the digital fingerprint of their public key. This is just a string of unique values or words that the other party can check against the public key to ensure it's the same one.

So to your specific scenario. Any email client software like Outlook will support the industry standard X.509 mechanism of formatting and using digital certificates. Therefore you already have all the software you need.

What you need to do is issue digital certificates to each of your staff, and get the partner organisations to do the same with their email-enabled staff.

Then you simply swap public keys.

Now to who issues the digital certificates for your staff. Because you have a large organisation it makes sense to run your own Certificate Server. There is one built into Windows 2000/2003 Server.

Then your users simply request a new key from that server. Doesn't cost you anything.

The Key Server itself is called a Certificate Authority (CA), since it issues keys itself. So the next question is how can people be sure that the Certificate Authority is trusted?

Well again it's quite simple. The CA needs to have its own public key known to email recipients.

There are two ways to do this. The cheapest is simply to pass the public part of the CA's certificate to the email recipients, but they would have to explicitly install it on each client PC as a CA key and confirm it is trusted.
Doing it this way is cheap but takes a bit more time because the CA public key has to be trusted on each PC.

The better way to do it is to have your CA's certificate signed by one of the big public Certificate Authorities such as Verisign/Thawte etc.

Because every PC is shipped with the public key of these CAs already installed, then any key signed by that CA "root" key can be checked by the PC for validity without the user needing to do anything.

In practice in your scenario this method would be best. The user would simply install the public key of their email buddies (which can be sent in email followed by checking the fingerprint against the published fingerprint) into their PC. Outlook handles this for you automatically.

Because it's integrated into Outlook and the PC already, you have no new applications to deploy, support or train for. Your external cost is limited to having your organisation's CA signed by a public CA.

If you need any more advice or assistance let me know. It is a specialised area.
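The two modes this answer describes (signing with the Sender's private key and verifying with the Sender's public key; encrypting to the Recipient's public key and decrypting with the Recipient's private key), as an added Go example that is not part of the original thread or any product mentioned in it. It uses Go's standard RSA library rather than Outlook's X.509 machinery, the message is a constructed sample, and the function names Sign, Verify, Encrypt and Decrypt are chosen here.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Sign hashes the message and seals the digest with the Sender's private key (RSA-PSS).
// The message itself stays readable; only the signature is added.
func Sign(sender *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, sender, crypto.SHA256, digest[:], nil)
}

// Verify recomputes the digest and checks it against the signature with the Sender's public key.
// Any change to the message (or a signature from a different key) makes this return false.
func Verify(senderPub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], sig, nil) == nil
}

// Encrypt seals the message to the Recipient's public key (RSA-OAEP).
func Encrypt(recipientPub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, msg, nil)
}

// Decrypt opens a sealed message with a private key; any key other than the
// Recipient's (including the Sender's own) returns an error.
func Decrypt(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

func main() {
	sender, _ := rsa.GenerateKey(rand.Reader, 2048)
	recipient, _ := rsa.GenerateKey(rand.Reader, 2048)
	msg := []byte("Appointment moved to Tuesday") // constructed sample message

	sig, _ := Sign(sender, msg)
	fmt.Println("signature verifies:", Verify(&sender.PublicKey, msg, sig))
	fmt.Println("tampered copy verifies:", Verify(&sender.PublicKey, []byte("Appointment moved to Friday"), sig))

	ct, _ := Encrypt(&recipient.PublicKey, msg)
	pt, err := Decrypt(recipient, ct)
	fmt.Println("recipient decrypts:", err == nil && string(pt) == string(msg))
	_, err = Decrypt(sender, ct)
	fmt.Println("sender can decrypt what they sent:", err == nil)
}
```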
