ZSentry Click to print
Frequently Asked Questions (FAQ)
Spoofing, Phishing, Pharming, Spam
How To Prevent Email Fraud
Protect your message privacy and your identity
Assure your recipients that your email is from you

Anyone can send a regular email using your name and email address (spoofing), and lure recipients to disclose their private data (phishing). Your email address is global and searchable and that's why your mailbox is overflowing with spam and you receive complaints about emails that were actually never sent by you. Anyone can read the email you send and receive, even if you have a firewall and use SSL, your spam filter is killing good emails, and you can't open attachments even if you know the sender. What's the answer? Add ZSentry.

How can ZSentry protect against spam, spoofing and phishing emails?
ZSentry Mail (Zmail) prevents spam, spoofing, and phishing because ZSentry solves both problems of (1) authenticating the source of a message; and (2) authenticating the name and email address of senders and recipients. For example, if a Zmail comes to you from the email address <friend@isp.com>, and you can decrypt it using the ZSentry service, then you have strong, cryptographic evidence that it did come from that address as cryptographically authenticated during signup, with the original subject, date, body and attachment intact.

To read a Zmail, ZSentry also reminds users that they can copy-and-paste the ZSentry link (when, as selected by the sender, the Skin uses a link). Rather than just click on the link, this simple procedure prevents users from landing at a destination that was encoded in the email to be different from what users can read on the screen before they click. A further benefit of the ZSentry approach is that it does not require the customer to update anything in order to remain protected.

Other approaches such as those based on email headers, reputation, non-verifiable metrics (eg, community detection), blacklists, pattern detection, heuristics, zombie detection, and message scanning, can break privacy and may easily fail. One of the reasons to fail is that spam and phishing emails are created in an arms race scenario, where defenders lag behind with less knowledge and resources and are often fighting well the last exploit but not the next. Exploits are also hard to filter because they spoof various parts of email headers and body, and come in the name of people or organizations you trust — your friends and business contacts. You probably receive several emails from yourself (surely, it is a valid email address and one that belongs to a real, reputable person) that you never sent.

Training users to detect spam, spoofing and phishing adds costs and also frequently fails, as users cannot be trusted to follow procedures, are easily distracted, and may not understand the instructions in the first place.

How about spam? ZSentry also has a zero-tolerance spam policy. There are several mechanisms in place to prevent any ZSentry user from abusing the system and sending Zmail spam. For example, ZSentry BASIC users can send a limited number of secure email Zmail messages a day. ZSentry PREMIUM users, who must provide a valid payment information and physical address in order to use the service, are allowed to send larger amounts of secure email.

Why is regular email communication not secure?
Sending an email is similar to sending a postcard. Any regular email that is sent by you or to you may be copied, held and changed by various computers it passes through, as it goes from you or to you. Persons not participating in your email communications may intercept your communications by improperly accessing your computer or other computers, even some computer unconnected to any party in the communication, which the email passed or was made to pass through. In addition, in the same way that anyone can send a postcard in your name, anyone can send a regular email using your name and email address.

What is a "spoof web site"?
A spoof website is one that mimics another website to lure you into disclosing confidential information. This can be done even with SSL (Secure Sockets Layer) using 128-bit encryption. To make spoof sites seem legitimate, spoof web sites use the names, logos, graphics and even code of the real company's site. They can even fake the https web address that appears in the address field at the top of your browser window and the padlock SSL Lockthat appears in the lower right corner of your browser.

What is a "spoof email"?
A spoof email has the "From:" header of the email, and possibly other headers as well, set to the email address of a different sender, to lure the recipient to read and act on the email. For example, using the email address of a friend, a legitimate company, a bank or a government agency. This is very easy to do with regular email. To make spoof emails seem legitimate, the email body uses the names, logos, graphics and even legitimate web addresses and email addresses in some fields. The action links in the spoof e-mails almost always take you to a spoof web site. Spoof emails can be sent also as an attack against you or your organization, with fraudulent offers, bogus announcements or malicious content.

What is a "phishing email"?
Phishing (or hoax) emails appear to be from a well-known company but can put you at risk. Although they can be difficult to spot, they generally ask you to click a link back to a spoof web site and provide, update or confirm sensitive personal information. To bait you, they may allude to an urgent or threatening condition concerning your account. Even if you don't provide what they ask for, simply clicking the link could subject you to background installations of key logging software or viruses. Every business on the Internet is a potential victim of phishing email attacks, eroding the trust of their customers in the company's communications.

What is "pharming"?
Pharmers redirect as many users as possible from the legitimate website they intend to visit and lead them to malicious ones, without the users' knowledge or consent. A malicious site can look exactly the same as the genuine site. But when users enter their login name and password, the information is captured. Emailed viruses that rewrite local host files on individual PCs, and DNS poising have been used to conduct pharming attacks. Even if the user types the correct web address, the user can be directed to the false, malicious site.

What is "spam"?
All Internet users should by now know about spam. The word spam as applied to email means Unsolicited Bulk Email. Unsolicited means that the recipient has not granted verifiable permission for the message to be sent. Bulk means that the message is sent as part of a larger collection of messages, all having substantially identical content. Usually, a message is spam if it is both Unsolicited and Bulk. Unsolicited email is usually normal email (examples include first contact inquiries, job inquiries, and sales inquiries). Bulk email is usually normal email (examples include subscriber newsletters, discussion lists, information lists, and update announcements).

How about web site spoofing and pharming? How do I know I am at the legitimate ZSentry site when I use Zmail?
With its unique login technology, ZSentry prevents spoofing and pharming of web sites, protecting the web site zsentry.com in several ways. First, you could verify that the website address begins with https://zsentry.com/, where the letters cannot be easily confused with other letters or numbers. The ZSentry login looks like the usual username and password login, but in two screens. You do not have to give your password unless you have a first proof  that the website you reached is allowed to process it. The first proof  is provided by the Return Code (RC), a three-letter combination (such as "BTP") that you receive when you register. When you verify that the three letters calculated by the website match exactly the three letters of your RC, which you have not disclosed, you have the first proof  that the website is legitimate and can be trusted to process your ZSentry Password in order to authenticate you.

Matching the RC helps prevent spoofing, phishing and pharming, but may still be overcome by a "man-in-the-middle" attack. If needed for your application, ZSentry provides further proofs for your verification, using additional channels. For example, you can verify whether the SSL certificate used by zsentry.com matches expected values that you know beforehand.

Do I need to change my ISP or email address?
No. You can use any email address and provider you want, including webmail.

Are ZSentry BASIC users also authenticated?
Yes, with the same challenge-response procedures used for PREMIUM users. ZSentry BASIC users are securely authenticated, providing a solid Identity Verification base for their online identity, and allowing them to use their email addresses in exchanging information with PREMIUM users.

What can happen if I don't use Zmail?
Without Zmail, your email messages are like postcards, open for anyone to read and even write on them. Anyone receiving an email identifying you as the sender has no way of knowing if you really sent it or not. Your emails are confused with spam or phishing, and deleted or delayed by overloaded systems and people. Your customers may receive emails using your name, that can cause you and them great harm, and yet many will not even be able to identify those emails as fraudulent. Regular email is broken in many ways and Zmail helps also because it is simple to use, works, and does not break the way email works. Anyone can receive a Zmail from you, and it's free to read. Anyone can send Zmail to you, and it's free to send. Zmail is email security that is easy to use.

The contents of this entire site and domains zsentry.com are © Copyright, NMA Inc., 2010. All rights reserved, worldwide. Titles and product names are trademarks of NMA, Inc., including NMA, ZSENTRY, Return Code and ZMAIL. Patent pending.