|
|
Product Review: Co-Mail Secure EMail Service
Review by Keith Pasley, CISSP
Source: www.netsecurity.about.com
|
Spam is an epidemic. It has been estimated that spam will cost U.S. corporations $10 Billion in 2003 alone. A Harris Poll in July of 2003 found that "fully 79% now favor making mass-spamming illegal and only 10% oppose doing so."
Keith Pasley, CISSP, has contributed the review below of a web-based service that promises to keep that spam from getting to you among other security enhancements.
There used to be a time when secure email management was simple. "Managing" meant sorting through your email messages and putting them into appropriate folders. Secure email back then meant using a simple password for email access. However, today, with email being a business critical application, more threats against email than ever before and government regulatory concerns, secure email management takes on a whole different meaning. Viruses, spam, worms, and other malicious attacks and non-malicious events can bring email infrastructures to their knees. With recent government legislation in countries such as the United States, email confidentiality has become a growing concern.
The Co-Mail secure mail service, offered by Ireland based NR Lab LTD, provides a web-based secure email service with a user interface that can be used by anyone. Co-Mail security architecture allows this service to be a good choice for any size organization. Co-Mail allows a company to use its own or a Co-Mail registered domain for mail routing. This mail service provides mail confidentiality and is cryptography based on OpenPGP and SSL. Other security features of this online email service include rudimentary anti-spam, file encryption and strong user authentication via (optional) Rainbow iKey support.
Through an administrative web interface an administrator can register for the service and set up new users among other housekeeping tasks. From the admin interface can be viewed organizational email statistics such as near-immediate or historical user account activity. The administrator can also customize the look and feel for end users by uploading their own company's logo, modifying the background header or selecting header text color. In addition, a company can use its own domain name or become a sub domain to the Co-Mail service.
End-user account creation can be done by the administrator or the actual end-user. In either case, there is the same 3 step process:
- Register the user name
- Random mouse movement to generate the asymmetric keys
- Create a passphrase
Voila! Done. The security-minded may find this process very simple, yet behind the scene is a server-based implementation of OpenPGP. In the case of end-user registration, the administrator interface provides for sending a customizable message to the end-user with a URL pointing to the registration site.
Co-Mail can integrate into the end-user's current email environment via a downloadable proxy software called Co-Mail Express. Co-Mail Express is a light-weight software application that resides on the end-user's desktop tray. Its job is to intercept mail directed to TCP port 25 (the standard SMTP port)in order to encrypt/decrypt a mail message. Although this feature is not mandatory, some may find it helpful if web based-mail interfaces are not your cup of tea.
Once an end-user logs into the service, the user can perform the usual email tasks such sending and receiving mail. In addition, the user can encrypt/decrypt files for secure storage (S-Disk) on the users computer, manage the address book, export the address book, turn on/off antispam, set up auto-reply texts and so on.
Although very easy to use for small to medium user communities, traditional large enterprises may be hesitant to outsource their entire email service to a third-party. ISPs in particular may want to think seriously about this service value to their customers. This service is worth a look due to potential cost savings in up-front setup, and ongoing maintenance. Lower costs and implementation speed are two reasons a large company may want to outsource its email system to Co-Mail. However, the strength of the security employed by the service provider is also a central concern. Technical details for Co-Mail are available on line at: http://www.co-mail.com/data.html.
Overall, Co-Mail provides a good service. Look for improvements in the area of large scale distributed management and anti-virus. The strongest competitors are premium account services (the ones you have to pay for) such as those offered by Hushmail Communications.
Email management used to be simpler, but the threats against email have grown more complex. With products like Co-Mail that provide a relatively good level of service availability and security, email users around the world can take advantage of strong security with simple administration.
Co-Mail
Network Research Lab. Ltd
Tel: +353 1 639 2909
Email: support@s-mail.com
Basic price: from $1 USD (per mailbox per month). Large configurations are priced per user.
|
|
