ZixCorp EMail Encryption



  • Anyone use these guys?

    I occasionally get something from someone who uses them, and was just wondering if their product holds water.

    It simply says (as if it was secure)...
    This message was secured by ZixCorp(R).

    They make it seem like there is nothing to do on the recipient end, but of course that is garbage. Turns out they also need a ZixCorp add-on on their end. Or to send the recipient to a website, which does not usually happen in the e-mails that I receive.

    Is that built in to systems that I am unaware of? Or is this just all marketing?



  • @Technomancer has friends there.



  • @BRRABill said in ZixCorp EMail Encryption:

    They make it seem like there is nothing to do on the recipient end, but of course that is garbage. Turns out they also need a ZixCorp add-on on their end. Or to send the recipient to a website, which does not usually happen in the e-mails that I receive.

    Is that built in to systems that I am unaware of? Or is this just all marketing?

    It's BS. It isn't even email. It's a non-email web based message service. It is secure and works well, but it isn't email at all.



  • I've always heard good things about them. One of the more trusted secure "email" providers.



  • My bank uses them.



  • yeah, As Scott says, it's not really email. It's a notification service for their secure website. Those who buy into the product can integrate it with their email system, but those they are sending to who do not subscribe, those people just get a link to the paying customer's website to create a logon so they can retrieve a secure message. What's completely broken in this situation - the first message sent to the non subscribing receiver, it's sent completely in the clear, and anyone intercepting it can create the logon themselves. System admins of the receivers can impersonate their corporate employees and send password resets and then gain access.

    I suppose it's better than nothing, but it's really not that good.

    If you want real security, you have to use something like GPG or PGP or an end to end secure chat like Telegram CAN offer, but isn't the default.



  • @aaronstuder said in ZixCorp EMail Encryption:

    My bank uses them.

    I suppose it's one step up from faxing.



  • @Dashrender said in ZixCorp EMail Encryption:

    @aaronstuder said in ZixCorp EMail Encryption:

    My bank uses them.

    I suppose it's one step up from faxing.

    Definitely at least one step better than fax.



  • @Dashrender said in ZixCorp EMail Encryption:

    If you want real security, you have to use something like GPG or PGP or an end to end secure chat like Telegram CAN offer, but isn't the default.

    The security on Zix is good, the ease of use is not.



  • But, I did not get a link.

    I just get something that says "secured by..." which makes it seem like it is something it is not.



  • @BRRABill said in ZixCorp EMail Encryption:

    But, I did not get a link.

    I just get something that says "secured by..." which makes it seem like it is something it is not.

    did you see the actual contents of the email?



  • @BRRABill said in ZixCorp EMail Encryption:

    But, I did not get a link.

    I just get something that says "secured by..." which makes it seem like it is something it is not.

    Huh? You got an "email" that was secured? Can you forward that to me? What are you opening it in?



  • Two customers who both use Zix don't have to use the secure website, as the Zix appliances take care of that layer and sends the email unencrypted back to your email box.



  • @Dashrender said in ZixCorp EMail Encryption:

    Two customers who both use Zix don't have to use the secure website, as the Zix appliances take care of that layer and sends the email unencrypted back to your email box.

    So the email is unsecured? What's the point?



  • @scottalanmiller said in ZixCorp EMail Encryption:

    @Dashrender said in ZixCorp EMail Encryption:

    Two customers who both use Zix don't have to use the secure website, as the Zix appliances take care of that layer and sends the email unencrypted back to your email box.

    So the email is unsecured? What's the point?

    This just depends on how you look at it.

    Let's assume both sender and receiver have Exchange. Assuming both are using secure connections between their email client and the Exchange server (default for Outlook). The email is send securely to Exchange, which is sent securely to the local/sender Zix black box, which is sent securely to the receiver's Zix black box, which is sent securely to the receiver's Exchange server, which is send securely to the receiver's Outlook.

    Of course, the admin of either side can normally see all of the email on their own systems if needed - so is that what you mean by not secure?



  • @Dashrender said in ZixCorp EMail Encryption:

    @scottalanmiller said in ZixCorp EMail Encryption:

    @Dashrender said in ZixCorp EMail Encryption:

    Two customers who both use Zix don't have to use the secure website, as the Zix appliances take care of that layer and sends the email unencrypted back to your email box.

    So the email is unsecured? What's the point?

    This just depends on how you look at it.

    Let's assume both sender and receiver have Exchange. Assuming both are using secure connections between their email client and the Exchange server (default for Outlook). The email is send securely to Exchange, which is sent securely to the local/sender Zix black box, which is sent securely to the receiver's Zix black box, which is sent securely to the receiver's Exchange server, which is send securely to the receiver's Outlook.

    Of course, the admin of either side can normally see all of the email on their own systems if needed - so is that what you mean by not secure?

    Right, Exchange has X security to begin with. We presume that the goal of Zix is to add more security. But nothing more is added. The places where Exchange is secure remain secure and the places where it is not, remain insecure (the resting mailbox storage.) So other than milking the coffers, what is Zix even doing here? It appears to do literally nothing. In any situation where you have Exchange and Zix, you have end to end encryption of the transport as an option already without Zix.



  • @scottalanmiller said in ZixCorp EMail Encryption:

    @Dashrender said in ZixCorp EMail Encryption:

    @scottalanmiller said in ZixCorp EMail Encryption:

    @Dashrender said in ZixCorp EMail Encryption:

    Two customers who both use Zix don't have to use the secure website, as the Zix appliances take care of that layer and sends the email unencrypted back to your email box.

    So the email is unsecured? What's the point?

    This just depends on how you look at it.

    Let's assume both sender and receiver have Exchange. Assuming both are using secure connections between their email client and the Exchange server (default for Outlook). The email is send securely to Exchange, which is sent securely to the local/sender Zix black box, which is sent securely to the receiver's Zix black box, which is sent securely to the receiver's Exchange server, which is send securely to the receiver's Outlook.

    Of course, the admin of either side can normally see all of the email on their own systems if needed - so is that what you mean by not secure?

    Right, Exchange has X security to begin with. We presume that the goal of Zix is to add more security. But nothing more is added. The places where Exchange is secure remain secure and the places where it is not, remain insecure (the resting mailbox storage.) So other than milking the coffers, what is Zix even doing here? It appears to do literally nothing. In any situation where you have Exchange and Zix, you have end to end encryption of the transport as an option already without Zix.

    Well it doesn't do litterally nothing - it scans the out going messages and prevents data that is identified as protected from being transmitted over an unencrypted line to an outside party (i.e. another email server). If both parties have Zix, there is 'nothing' to worry about the data is sent between the two customers through Zix encryption over the internet, but, if one side doesn't have Zix, then it sends the receiptiant an email telling them to log into the web portal for delivery of the message.



  • @Dashrender said in ZixCorp EMail Encryption:

    @scottalanmiller said in ZixCorp EMail Encryption:

    @Dashrender said in ZixCorp EMail Encryption:

    @scottalanmiller said in ZixCorp EMail Encryption:

    @Dashrender said in ZixCorp EMail Encryption:

    Two customers who both use Zix don't have to use the secure website, as the Zix appliances take care of that layer and sends the email unencrypted back to your email box.

    So the email is unsecured? What's the point?

    This just depends on how you look at it.

    Let's assume both sender and receiver have Exchange. Assuming both are using secure connections between their email client and the Exchange server (default for Outlook). The email is send securely to Exchange, which is sent securely to the local/sender Zix black box, which is sent securely to the receiver's Zix black box, which is sent securely to the receiver's Exchange server, which is send securely to the receiver's Outlook.

    Of course, the admin of either side can normally see all of the email on their own systems if needed - so is that what you mean by not secure?

    Right, Exchange has X security to begin with. We presume that the goal of Zix is to add more security. But nothing more is added. The places where Exchange is secure remain secure and the places where it is not, remain insecure (the resting mailbox storage.) So other than milking the coffers, what is Zix even doing here? It appears to do literally nothing. In any situation where you have Exchange and Zix, you have end to end encryption of the transport as an option already without Zix.

    Well it doesn't do litterally nothing - it scans the out going messages and prevents data that is identified as protected from being transmitted over an unencrypted line to an outside party (i.e. another email server). If both parties have Zix, there is 'nothing' to worry about the data is sent between the two customers through Zix encryption over the internet, but, if one side doesn't have Zix, then it sends the receiptiant an email telling them to log into the web portal for delivery of the message.

    Okay, but you should not rely on Zix to determine what needs to be secure, right? Just make everything secure and then the Zix appliance is pointless. Seems like a lot of money (it's not cheap, right?) and effort and cumbersome when just setting Exchange to TLS only will do a better job more reliably?



  • Yes making Exchange only send via TLS would be one option to make Zix pointless. The only thing of concern is what about any email domains you send to that don't support TLS connections - this might be a non issue, it might be a huge one, no way to know until you try I guess.



  • @Dashrender said in ZixCorp EMail Encryption:

    Yes making Exchange only send via TLS would be one option to make Zix pointless. The only thing of concern is what about any email domains you send to that don't support TLS connections - this might be a non issue, it might be a huge one, no way to know until you try I guess.

    Well a couple of things there...

    • If you run into issues, tell those people to turn on security as it is obviously an issue.
    • Do you want to be communicating with people when things are not secure?
    • Generally this is not a problem at all; all major email systems are secure.


  • I get the impression that this is scratching an itch that no one had. Is Zix deployed to fix an "assumed" issue that was never investigated?



  • @scottalanmiller said in ZixCorp EMail Encryption:

    @Dashrender said in ZixCorp EMail Encryption:

    Yes making Exchange only send via TLS would be one option to make Zix pointless. The only thing of concern is what about any email domains you send to that don't support TLS connections - this might be a non issue, it might be a huge one, no way to know until you try I guess.

    Well a couple of things there...

    • If you run into issues, tell those people to turn on security as it is obviously an issue.
    • Do you want to be communicating with people when things are not secure?
    • Generally this is not a problem at all; all major email systems are secure.

    Most hospitals don't use major email systems (nor do clinics of any size).
    Do I want to be communicating with people when they aren't secure? I'm faxing so I guess the answer is, yes, yes I do want to communicate when it's not secure. 😉
    I can tell someone until I'm blue in the face, I can't force them to do anything about it.



  • @scottalanmiller said in ZixCorp EMail Encryption:

    I get the impression that this is scratching an itch that no one had. Is Zix deployed to fix an "assumed" issue that was never investigated?

    Zix and other are selling a HIPAA solution that allows non HIPAA data to still flow with no portal/TLS connection.



  • @Dashrender said in ZixCorp EMail Encryption:

    Most hospitals don't use major email systems (nor do clinics of any size).

    So are you saying....

    • That they run their own and secure it?
    • Are insecure and don't protect patient data?
    • Don't run their own email and use little mom and pop shops?


  • @Dashrender said in ZixCorp EMail Encryption:

    @scottalanmiller said in ZixCorp EMail Encryption:

    I get the impression that this is scratching an itch that no one had. Is Zix deployed to fix an "assumed" issue that was never investigated?

    Zix and other are selling a HIPAA solution that allows non HIPAA data to still flow with no portal/TLS connection.

    Didn't question that. I asked if you were running something to fix a problem that had not been identified.



  • @Dashrender said in ZixCorp EMail Encryption:

    I can tell someone until I'm blue in the face, I can't force them to do anything about it.

    Doesn't change the base question... is there anyone out there to tell? I think not. Sounds fanciful to suggest that the hospitals that you are dealing with won't accept secure email. Are you really saying that they would block that? You honestly think that?



  • @scottalanmiller said in ZixCorp EMail Encryption:

    @Dashrender said in ZixCorp EMail Encryption:

    @scottalanmiller said in ZixCorp EMail Encryption:

    I get the impression that this is scratching an itch that no one had. Is Zix deployed to fix an "assumed" issue that was never investigated?

    Zix and other are selling a HIPAA solution that allows non HIPAA data to still flow with no portal/TLS connection.

    Didn't question that. I asked if you were running something to fix a problem that had not been identified.

    I guess I don't understand the question -

    The problem as I see it is - HIPAA says you can't transmit PHI over an public connection unencrypted. Email is unencrypted by default. The use of TLS for email is probably 3 or so years old as a common thing. Google didn't even for the use of HTTPS for gmail at the beginning. So yes, there was a problem many years ago. Is it still a problem today? I have no clue.



  • @scottalanmiller said in ZixCorp EMail Encryption:

    @Dashrender said in ZixCorp EMail Encryption:

    I can tell someone until I'm blue in the face, I can't force them to do anything about it.

    Doesn't change the base question... is there anyone out there to tell? I think not. Sounds fanciful to suggest that the hospitals that you are dealing with won't accept secure email. Are you really saying that they would block that? You honestly think that?

    OH, Now I didn't say that - I just said that they aren't using mainstream email services, like O365. At the hospital level, I'm sure they do accept TLS connections to receive email over. But the ones around here ARE using Zix to send outgoing secure email, instead of just turning all of their email server onto TLS only outbound email, which would be just as good, as long as the receiving side accepts TLS connections.

    I have no idea what percentage of email systems today don't accept TLS based email.



  • @Dashrender said in ZixCorp EMail Encryption:

    @scottalanmiller said in ZixCorp EMail Encryption:

    @Dashrender said in ZixCorp EMail Encryption:

    @scottalanmiller said in ZixCorp EMail Encryption:

    I get the impression that this is scratching an itch that no one had. Is Zix deployed to fix an "assumed" issue that was never investigated?

    Zix and other are selling a HIPAA solution that allows non HIPAA data to still flow with no portal/TLS connection.

    Didn't question that. I asked if you were running something to fix a problem that had not been identified.

    I guess I don't understand the question -

    The problem as I see it is - HIPAA says you can't transmit PHI over an public connection unencrypted. Email is unencrypted by default. The use of TLS for email is probably 3 or so years old as a common thing. Google didn't even for the use of HTTPS for gmail at the beginning. So yes, there was a problem many years ago. Is it still a problem today? I have no clue.

    TLS for email is pretty old. Google's HTTPS is a red herring.

    The assumption in the industry is that this problem does not exist today or for a while. Your use of Zix is predicated on a security problem that, while totally possible, seems almost implausible, at very least unlikely. All major email hosts and email platforms have this by default. Only a shop making an effort to disable security, a literal effort, would be expected to not have TLS long before today.



  • @Dashrender said in ZixCorp EMail Encryption:

    @scottalanmiller said in ZixCorp EMail Encryption:

    @Dashrender said in ZixCorp EMail Encryption:

    I can tell someone until I'm blue in the face, I can't force them to do anything about it.

    Doesn't change the base question... is there anyone out there to tell? I think not. Sounds fanciful to suggest that the hospitals that you are dealing with won't accept secure email. Are you really saying that they would block that? You honestly think that?

    OH, Now I didn't say that - I just said that they aren't using mainstream email services, like O365. At the hospital level, I'm sure they do accept TLS connections to receive email over. But the ones around here ARE using Zix to send outgoing secure email, instead of just turning all of their email server onto TLS only outbound email, which would be just as good, as long as the receiving side accepts TLS connections.

    I have no idea what percentage of email systems today don't accept TLS based email.

    THat they ARE using Zix, though, is a red herring, right? All that you care about is that they have TLS. If they do, you get to save that money. Zix is just there to duplicate what Exchange already does.


Log in to reply