Outsourced Web Mail service
A third approach to web mail security is via out-sourced or hosted web mail service. Yahoo and MSN provide a webmail access. However, very few people using their services would rate such services as 'secure'. Thus the need for business class level of secure web mail access provided by managed security service providers such Co-Mail.
The Co-Mail secure mail service, offered by Ireland based NR Lab LTD, provides a web based secure email service with a user interface that can be used by anyone. Co-Mail security architecture allows this service to be a good choice for any size organization. Co-Mail allows a company to use its own or a Co-Mail registered domain for mail routing. This mail service provides mail confidentiality and is cryptography based on OpenPGP and SSL. Other security features of this on line email service include, rudimentary anti spam, file encryption, strong user authentication via (optional) Rainbow iKey support.
Through an administrative web interface an admin can register for the service, set up new users among other housekeeping tasks. From the admin interface can be viewed organizational email statistics such as near-immediate or historical user account activity. The administrator can customize the look and feel for end user by uploading company logo's, modifying the background header, and selecting header text color. In addition, a company can use its own domain name or become a sub domain to the Co-Mail service.
Co-Mail can integrate into the end user's current email environment via a downloadable proxy software called Co-Mail Express. Co-Mail Express is a light weight-software application that resides on the end users desktop tray. Its job is to intercept mail directed to port 25 in order to encrypt/decrypt a mail message. Although this feature is not mandatory, some may find helpful if web based mail interfaces are not your cup of tea.
Once an end user logs into the service, the user can perform the usual email tasks such sending and receiving mail. In addition, the user can encrypt/decrypt files for secure storage using the Encrypt/Decrypt option within the Co-Mail web interface or the Co-Mail Express interface. The user can also manage the address book, export the address book, turn on/off antispam, set up auto reply texts and so on.
Although, very easy to use for small to medium user communities, traditional large enterprises may be hesitant to outsource their entire email service to a third party. ISPs in particular may want to think seriously about this service value to their customers. This service is worth a look due to potential cost savings in up front setup, and ongoing maintenance. Lower cost and implementation speed are two reasons a large may want to outsource its email system Co-Mail. However, the strength of the security employed by the service provider is also a central concern. Technical details for Co-Mail are available here.