Spam is an epidemic. It has been estimated that spam will cost U.S. corporations $10 Billion in 2003 alone. A Harris Poll in July of 2003 found that "fully 79% now favor making mass-spamming illegal and only 10% oppose doing so." Keith Pasley, CISSP, has contributed the review below of a web-based service that promises to keep that spam from getting to you among other security enhancements.
There used to be a time when secure email management was simple. "Managing" meant sorting through your email messages and putting them into appropriate folders. Secure email back then meant using a simple password for email access. However, today, with email being a business critical application, more threats against email than ever before and government regulatory concerns, secure email management takes on a whole different meaning. Viruses, spam, worms, and other malicious attacks and non-malicious events can bring email infrastructures to their knees. With recent government legislation in countries such as the United States, email confidentiality has become a growing concern.
The Co-Mail secure mail service, offered by Ireland based NR Lab LTD, provides a web-based secure email service with a user interface that can be used by anyone. Co-Mail security architecture allows this service to be a good choice for any size organization. Co-Mail allows a company to use its own or a Co-Mail registered domain for mail routing. This mail service provides mail confidentiality and is cryptography based on OpenPGP and SSL.
Other security features of this online email service include rudimentary anti-spam, file encryption and strong user authentication via (optional) Rainbow iKey support.
Through an administrative web interface an administrator can register for the service and set up new users among other housekeeping tasks. From the admin interface can be viewed organizational email statistics such as near-immediate or historical user account activity. The administrator can also customize the look and feel for end users by uploading their own company's logo, modifying the background header or selecting header text color. In addition, a company can use its own domain name or become a sub domain to the Co-Mail service.
End-user account creation can be done by the administrator or the actual end-user. In either case, there is the same 3 step process:
1) Register the user name 2) Random mouse movement to generate the asymmetric keys 3) Create a passphrase
Voila! Done. The security-minded may find this process very simple, yet behind the scene is a server-based implementation of OpenPGP.
In the case of end-user registration, the administrator interface provides for sending a customizable message to the end-user with a URL pointing to the registration site.