Email encryption and document access control in a Windows environment

Authentica's MailRecall 1.1 provides email encryption and document access control beyond standard encryption techniques for companies that require ultimate control over their email and file attachments. Authentica also offers software to complement MailRecall: WebVault provides protection for HTML content, and PageVault protects files and documents. You cannot use MailRecall as an email server on its own, but you can run the software with an existing setup using Microsoft Exchange Server or SMTP/POP3.

Features and Benefits
MailRecall features a 128-bit RSA encryption algorithm to protect email and file attachments. What makes MailRecall different from similar products is the document management capability available after email leaves your system. MailRecall's Policy Server feature lets you administer how the user interacts with the email. Either the original sender or the Policy Server administrator can set print or copy commands, set times and dates when the recipient can open the email, and set the time when the email expires. Any business that runs the risk of having sensitive emails and documents end up in the wrong hands, causing major problems and lost revenue, can use MailRecall to its best advantage.

Installation and Use
Authentica recommends that you install MailRecall's Policy Server on at least a 166MHz Pentium system with 64MB of RAM. If you're running Windows NT 4.0, you must have Service Pack 5 (SP5) or later installed. MailRecall clients run under Windows 2000, NT 4.0, and Windows 9x and require a 75MHz Pentium system with 64MB of RAM for Win2K and NT 4.0 and 32MB of RAM for Win9x. For testing MailRecall, I used an AMD K62-450 system with 128MB of RAM running Win2K Server, and I had no performance issues with the Policy Server or the client. Although you shouldn't have to buy new hardware, you should always have up-to-date hardware when using encryption technology.

MailRecall comes in two subsystems: the Policy Server and the MailRecall client. When users open their encrypted messages, the Policy Server does all the work, tracking all message rights and user accounts for MailRecall. On installation, you can set up the MailRecall client to integrate with either Microsoft Outlook or Eudora Pro email clients. Authentica also provides a free universal reader that lets you view basic encrypted email messages, no matter what email client you use.

I installed MailRecall as quickly as I would install a standard Window-based application. Policy Server installs as a system service, and the client installs as a standard Windows application that requires no special system access. Be aware, however, that you should read the MailRecall manuals during the MailRecall configuration setup. The first time I set up the product, I had to tweak it a lot to get the basics to work cleanly. After eventually removing and reinstalling the product, I referred to the manual and had the software working much more quickly. The product is not overly complex; certain things just weren't obvious in my first installation. For instance, without reading the manuals, you might not realize you need to set up a secure certificate or exactly how you define what the Policy Server does when a new recipient accesses an encrypted email. Once you've used the Policy Server Configuration applet, you'll find the Policy Server Configuration interface easy to read and use, as Figure 1 shows.

Because MailRecall needs to ensure that users are sending and receiving emails from a secure source, Authentica requires that you set up a secure certificate for the Policy Server. You can set up a temporary, self-signed certificate, but Authentica recommends that you obtain a proper certificate from VeriSign or a similar agency. The MailRecall manuals provide all the details on how to obtain or set up a certificate.

Once I set up the server, I ran the Policy Server Administrator, which lets the administrator control users, groups, default policies, document control, and MailRecall logging. If you have many users or documents to handle, you can assign departmental administrators to control email for their particular group. The integrated logging function provides useful information about what is going on with the Policy Server’s documents and the clients it oversees. The logging function requires your attention to pick out important occurrences, as Figure 2 shows. I could not print the information directly, but I could select, copy, and paste the contents into other documents. The logging could be a bit more functional and less cryptic.

You can choose how you want the Policy Server to handle recipients of protected email. The easiest way is to let users send email to anyone by having the recipients use the keys sent in the initial email messages. The server automatically generates the keys that let the recipients know what to do with their encrypted messages. The problem with this approach, however, is that it's not secure if someone intercepts or redirects the message. Because the server doesn't care who actually uses the key, anyone can use the key to see what's in the message. The best, most secure way to address this problem is to have the MailRecall administrator manually initialize the account requests. Obviously, this initialization process can be very time-intensive because you have to manually approve every request to create a new user account with the Policy Server. However, this step is necessary if you absolutely must know who is accessing your email. Other easier, but still effective, ways to provide authentication include email verification, certificate verification, and secure IDs.

Client setup easily and seamlessly integrates into Outlook or Eudora Pro by providing a new drop-down menu with options to log on to your Policy Server. You can then add or delete recipients, toggle document settings, and set document control features. Setting the permissions, lease duration, valid date, and expiration features is easy and self-explanatory, as Figure 3 shows. If the Policy Server has overriding settings that don’t let the user access a certain setting, that setting won't work and the administrator might need to toggle the setting if the sender needs it set for that email. Unfortunately, the client doesn’t show whether the server has overriding settings so it is up to the administrators to inform the users of their rights. Once you send encrypted messages, MailRecall asks whether you want to have the software set up new accounts for these users when they access the messages (thus sending the "how to access this email" message), or whether you want to associate the receiver to a server account that you've set up already.

When the unregistered receivers get MailRecall emails, a message in each email guides the recipient through downloading and setting up a universal MailRecall reader and logging on to access each message. Every time you get a message from a different company’s Policy Server, you must set up an account on that server. Once the user has an account with that particular Policy Server, the user doesn't need to set up an account again. Average users tend to get frustrated with the process even though it's not difficult. Administrators and users with technical backgrounds will probably need to help people who have never received encrypted messages before.

Once recipients use the supplied key to authenticate their emails with your Policy Server, the recipients can open and read the emails, and perform whatever functions you or another administrator has set. If you decide that you don't want the recipients to print or copy text from the documents, simply disable these functions in your client application. If users try to bypass the copy or print security by making a print screen of the email, the MailRecall client will not let users paste a screen shot that incorporates an open message. A user can’t even minimize Outlook without first closing or minimizing the open message.

MailRecall's best feature is its ability to "recall" an email by letting you set the time for the email to expire or by deleting it on the server. The next time users try to access that email, they will receive a message stating that the email has either expired or has been deleted and that the email is inaccessible. Every time someone accesses an email, MailRecall asks the recipient to log on to the Policy Server. This process is quick—just a few seconds—and the documents either open or do not. Because recipients must authenticate the email every time with your Policy Server over the Internet to access an email, if the email has expired, the document will not open again. The server has told the client that the right to access the message has ended. When I tested the software, after I changed different settings and expired documents, this feature worked without fail. The slight delay in accessing protected emails was negligible.

There is an offline mode that you can configure on a user-by-user basis if needed. In the offline mode, an administrator sets the file or email option ahead of time and then the recipient starts a lease by authenticating the email with the Policy Server over the before taking the system offline. This way the client knows how to handle the permissions. The only security at this point is the user password; however, the client acts as its own Policy Server when offline. If the user tries to tamper with the settings or change the system clock, the document or email won't open, and the user won't be able to use the lease on that document from then on. When the client reconnects again to the Policy Server, the client tracks all email or document use and sends alerts pointing out the activity.

The MailRecall documentation is very good and includes a brief glossary of terms. When I used Authentica's Web site email support form one evening, a customer support representative called me at 7:30 the next morning. I was impressed with this quick response.

The Bottom Line
Authentica has made sure the product works the way it should. Although MailRecall 1.1 is too expensive for most small organizations, if you need total security and control over your sensitive email and documents, MailRecall is the best product available. MailRecall's document recall and access control is great, performing very quickly. Universal client configuration can be awkward for the average user, and applying the strongest security model does require an administrator's substantial attention, but MailRecall delivers. If it weren't for the cost, I would recommend MailRecall for everyone. The bottom line: if you value your email security, get this product.



MailRecall 1.1
Contact: Authentica, Inc.; 1-877-532-8060
Web: http://www.authentica.com
Price: Prices vary based on the number of concurrent logons required; prices start at $17,500 for 25 logons and go up to $225,000 for 1000 concurrent logons; support costs vary.
Decision Summary:
Pros: Basic setup and operation is easy and quick; very good print and online documentation; 128-bit encryption; additional access options beyond message and file encryption; free small universal mail reader.
Cons: Too pricey for most small business use; applying the strongest security features requires dedicated administration; client setup might be confusing for the average user.