Postini's Free Encrypted E-mail
Postini adds free encrypted e-mail to their service offering, but you get what you pay for.
December 15, 2004
Postini, an e-mail service provider specializing in spam and virus removal, is adding e-mail encryption to its suite of services. The service, available immediately, uses TLS (also known as SSL) to create a secure tunnel between the sender and the receiver's mail gateway. The service is free to Postini's Enterprise Edition customers.
The service is simple to deploy for existing customers because all outgoing messages are already redirected through Postini's spam and virus filters. Customers simply add digital certificates to their mail servers to set up a secure tunnel to the Postini gateway. Postini decrypts the messages and scans them for spam and viruses. It then queries the destination address to set up a secure tunnel. If the destination can accept encrypted messages, Postini creates a new secure link and sends the messages. Mail is delivered in the clear if the recipient gateway does not support or accept TLS connections.
Postini says it is processing approximately 30 million encrypted messages daily, which the company says makes it the world's largest provider of encrypted e-mail. However, it's not at all certain that customers would actually pay for it. The fact that Postini doesn't charge for the service demonstrates a significant ambivalence toward e-mail encryption.
One reason for the ambivalence is that traditional PKI-based solutions can be complex to deploy and manage. Postini avoids those complexities by doing away with the need to issue signing and encryption keys to end users. The company also notes that growing regulatory pressures to protect customer data are renewing interest in secure e-mail.
While that may be true, Postini must deliver mail in the clear if the recipient gateway does not support TLS. Postini says that most mail gateways support TLS, but if regulatory compliance is really a key concern, a best-effort encryption system may not fit the bill.By contrast, most desktop-to-desktop encryption systems have mechanisms to ensure end-to-end delivery of encrypted mail. For instance, PGP's Web Messenger lets users access encrypted mail via a secure tunnel created with a Web browser.
FrontBridge, another e-mail service provider, offers end-to-end e-mail encryption through technology known as Identity-Based Encryption (IBE). FrontBridge's solution, which uses technology from an OEM deal with Voltage Security, replaces digital certificates with keys generated from a user's e-mail address. (For more information on IBE, see "Secure E-Mail and Public Key Cryptography: Together at Last?" in the October 2004 issue of Network Magazine.) FrontBridge charges approximately $8 per user per month for the encryption service.
In the end, Postini customers should avail themselves of the encryption service-it's free, easy to implement and manage, and it will provide some measure of protection. But companies under significant regulatory pressure or that require a high degree of mail security may want to consider a more comprehensive solution.
You May Also Like