The only security that lets you do what you want.

Why ZSentry?

Given the march of technology, the only way to truly protect information is through the absence of a target — because no firewall is good enough, and no defense is strong enough, to stop every attacker from inflicting harm.

The world’s only security solution that lets you do what you want. NMA ZSentry creates a Sans Target platform for "instant on" regulatory compliance, utility, and mobility, with no changes to user systems, services, or devices. ZSentry is U.S. Certified as a Health IT EHR Product, ARRA and HIPAA compliant.

Adding ZSentry integrates the solutions customers and users already have with the communication security that both need. With ZSentry, customers can do more, cut costs, comply today with HIPAA, HITECH Safe Harbor, and financial regulations, without burdening people.

For example, as used with ZSentry for Google Apps and Outlook, the ZSentry Single-Sign-On (SSO) operation occurs behind the scenes, in-between clicking Send and the email being actually sent. If the user notices anything, it will be the absence of an intermediate login step.

ZSentry Maximizes Value for Customers. Because ZSentry is appositive (meaning: works in "near placement") to Microsoft, Google, and other platforms, a user’s setup can use any or all of them, and change the mix at any time. This can allow users to more easily "route around" and overcome a failure affecting a system or its network. For example, a cell phone can be used to send and receive secure email if the office Internet line is down. Benefits include more functionality, allowing users to do more, redundancy with Microsoft and Google serving as two independent IT systems, improved availability, reduced risk, potentially less cost (vs single-sourcing), and the capacity to add more platforms (for example, Oracle, SAP, IBM, iPad, mobile) as needed. You can also setup a redundant ZSentry system, that you physically control, with ZSentry Director.


We provide improved functionality, usability, security, mobility, and regulatory compliance in any platform, product and service.

Our objective is to enable organizations to limit risk online for everyone and deliver superior products and services with much lower cost. Our products are designed to be broadly applicable, without changes to existing products or services, and allow users to do more with less cost. Our customers can securely reach any user, worldwide.

With ZSentry, at no cost or effort larger than a mouse click anyone can read a secure email Zmail (ZSentry Mail), and reply securely. If the sender allows, people can reply securely without cost or even registration.


The User Experience Shall Not Be Modified.

We implement our Strategy by following the simple Premise of not changing the user experience. By not requiring changes, we also enable the user experience to change at will as organizations and end-users may want.

Accordingly, we developed and deployed NMA ZSentry as a middleware. This enables our customers to use ZSentry with almost any existing infrastructure, application set, customer-hosted or cloud choices, and training, while enhancing functionality and security. The use of ZSentry as middleware also eliminates the need for plugins and installation.

Applications and systems that can use ZSentry as a middleware can seamlessly span desktop, cloud, web and mobile platforms. Examples include AOL, Apple (Apple Mail, Safari, iPhone, iPad), Blackberry, Google (Google Apps, Gmail, Gmail Mobile, Android), Linux (Ubuntu and other distributions, in Mail clients and Web Browsers), Microsoft (IE, Hotmail, Live, Outlook, Word), Mozilla (Firefox and Thunderbird), Yahoo Mail, and security standards such as PKI and PGP.

We want to reduce user frustration in having to use a different tool if one needs security and regulatory compliance. We make it simple to protect both senders and recipients against spam, eavesdropping, forgery, impersonation fraud ("identity theft"), phishing, and other attacks, while offering more integration and more choices than any other product.

Our approach also helps reduce the focus on security, so that at long last people can focus on what they want to do, not how they have to do it.

NMA ZSentry is at the same time affordable, secure, and usable, by organizations as well as by their employees, customers, partners, and visitors.

NMA ZSentry enables an open platform for secure productivity solutions, that organizations can use with their legacy systems and also readily extend, using proven ZSentry solutions with "instant-on" ZModules such as Mail, Secure Vault, Self-Destruct, Return Receipt, and Secure Forms. The absence of plugins or installation motivates adoption, and makes ZSentry work as an "instant-on" service also remotely, at the receiving end.

Most importantly, NMA ZSentry differentials include eliminating online data theft targets for our customers and their users, which we call Sans Target. The principle is that the ultimate and fail-safe defense against data theft is to not have the data in the first place.

We are at your disposal to help you identify new ways to enable your organization to spend less and communicate better, while minimizing the risk of exposure. Please Contact Us.

Team and Experience

The NMA ZSentry Team includes recognized Internet & security industry leaders who have worked and contributed in the early ARPANET days in 1975, with the IETF (Internet Engineering Task Force), in the development of email MIME encoding, with the MCWG (Meta-Certificate Working Group) on digital certificates and trust models, the launch of First Virtual Holdings (1994) and its IPO (1996), the first successful online payment system, and other key accomplishments of the First Internet Era.

In the Second Internet Era (post-bubble, 2001), members of the NMA ZSentry Team worked and contributed in proposing a secure online voting technology, first qualified by the California Secretary of State in 2000, and by the Swedish Government's Ministry of Justice Statskontoret in 2001, the launch of ZSentry Mail (Zmail) in 2004 as the first secure and usable email system, and the ZSentry Desktop technology in 2009, allowing recipients to open and reply securely to messages anywhere, using desktop, web or mobile, without registration.

The first ZSentry Mail (Zmail) was sent in July 2004, followed by open public tests with an early free sign up model. Sales started in 2011, after ZSentry was certified for HIPAA and ARRA compliance by the U.S. Government. Millions of people have used Internet services powered by ZSentry, often without realizing that anything out of the ordinary was happening while, behind the scenes, the ZSentry technology was at work.

NMA ZSentry gives users the power to connect and unilaterally extend the utility and security of third-party products -- without changes -- into a cohesive service that provides more value to the user. Our core strength comes from enabling an apposition worldview with mutual benefit, versus opposition.

We have made some of our most important progress through dialogue with users, and learning experiences in system-user interactions. We have also benefited greatly from higher-tier users and customers who are noted professionals in their fields.

About Our Technology

Why yet another secure email technology?

Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL), developed ca. 1996, are well-known cryptographic protocols that support secure communications on the Internet, usually by means of Public-Key Infrastructure (PKI, X.509 standard) server certificates. SSL/TLS is very successful in ecommerce today. Because of its simplicity, SSL/TLS is used by some secure email providers including Gmail and Postini. However, SSL/TLS falls short of basic email security requirements. For example, because SSL/TLS messages are only encrypted in-between end-points, third parties can compromise message security and integrity at the security-gaps created at each SSL/TLS end-point (i.e., not only at Gmail or Postini but also at the recipient's ISP), and at the recipient's machine.

Password-based email encryption is cumbersome to use, has no first-contact capability, and is trivially open to exploits by spoofing and phishing attacks. In addition, because users are likely to choose a weak password (even though it may look strong) and not periodically expire them, password-encrypted email may be rather easy to crack by the same automatic dictionary attack tools already in use to crack password files effectively.

Regarding security technologies that have been developed specifically for the needs of email security, lack of a usable and secure solution for managing cryptographic keys has been a major failure point.

For example, with PKI and Pretty Good Privacy (PGP, as used by PGP and Hushmail), a user's private-key is embedded in a password-protected file that can be attacked and cracked.

PKI/X.509 end-user certificates provided for example by VeriSign or Thawte, which are required in order to use PKI for email security, have a number of well-known problems (including cost, lack of revocation status assurance, spoofing, and lack of first-contact capability).

PGP, even though it can be used without any cost, lacks a reliable facility for certificate revocation status, uses a web-of-trust certificate issuance method that does not scale beyond small groups, and lacks first-contact capability.

With Identity-Based Encryption (IBE, as used by Voltage and MessageGuard), the private-keys of all users must be stored in the servers and may be available to third-parties without user authorization (this is called mandatory key-escrow).

Even though conventional PGP and PKI/X.509 solutions are notoriously far too difficult to use, a number of providers use servers to automate some of the tasks that were previously done manually. While this does improve ease-of-use, it may compromise HIPAA/HITECH Safe Harbor conformance, and still has to deal with several limitations of the underlying technologies PGP and X.509/PKI.

For example, the lack of first-contact capability in PGP and X.509/PKI has been countered by server-solutions that set and request passwords, which reduces usability for first contact, creates online targets for username and password lists, and sharply reduces security.

Therefore, for the conventional email security solutions, when the key management solution is secure (PKI, PGP), it is not usable (complexity, counter-intuitive behavior when compared to postal mail, unreliable key certificate revocation, and other known issues). When it is usable (SSL/TLS, password-based, IBE, Voltage, MessageGuard), it is not secure (security-gaps, weak passwords, open to phishing and spoofing, mandatory key-escrow, no key revocation, and other known issues).

NMA developed ZSENTRY to allow any two parties, possibly with no previous contact, to establish a secure and private communication channel (e.g., a secure email message exchange using Zmail) without the usability and security shortcomings of conventional technologies such as passwords, PKI, PGP, IBE, and SSL/TLS. ZSentry, ZSentry Mail and secure email Zmail are NMA technology and trademarks since 2001.

Read About Our Technology >>

Main Technical Notes
Overview   Key Features   ZSentry App   ZSentry Client   API   Smart IT   SAML & SSO
  Security   Usability   HIPAA & HITECH   Experience   Why ZSentry?   Red Flags   SUMMARY

Trademarks and Copyrights are the property of their owners, all rights reserved.