Unsecured email can easily be monitored and even altered as it travels
through the Internet.
Your privacy can be violated by a list of entities ranging from common
criminals and con artists to your neighbours, your co-workers, your
ISP, and government surveillance and censorship agencies.
Unauthorized access to your email by hackers and identity thieves can
have disastrous consequences.
And unlike with snail mail, electronic mail that has been copied or
altered in transit shows no traces of tampering.
This lack of privacy makes normal email unsuitable for serious
messaging applications, where confidentiality is
important.
Fortunately, the ancient art and science of
cryptography can be applied to enable the use of
email for private communications with customers, business associates,
family and friends.
Crypto-what?
Here's a quick rundown of basic cryptography jargon:
- Encryption is the process of transforming a message into a form
(called the ciphertext) that is unreadable by everyone other than the
intended recipient.
- Decryption is the reverse process, of recovering the original
plaintext message from the encrypted ciphertext
through the use of a key.
- A cryptosystem is a set of protocols and algorithms to
enable the encryption and decryption of messages. There are two
main varieties: symmetric and asymmetric
cryptosystems.
Symmetric Cryptosystems
Symmetric cryptosystems use the same key to both encrypt and decrypt
the message.
This key is usually a large random number, generally in the range of
64 to 256 bits long (higher key sizes mean, all other things being
equal, a higher level of security), which is used to mathematically
transform the plaintext to create the ciphertext.
Symmetric cryptosystems raise the problem of secure key
distribution. The encryption key must be transmitted from the
sender to the receiver over a secure channel in order for the
encrypted message to be secure.
This means an infrastructure for secure key distribution is a
prerequisite for secure messaging using symmetric cryptosystems,
making pure symmetric cryptosystems impractical for ad-hoc
communication over the Internet.
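The following is an added illustration of a symmetric cryptosystem, written for this page and not code from Neomailbox or from any OpenPGP tool. It uses AES-256-GCM from the Go standard library with a random 256-bit key; the function names (newKey, encrypt, decrypt) and the sample message are assumptions made for the example. It shows the two points made above: whoever holds the same key can read the message, while anyone without it gets an error rather than the plaintext, and, unlike ordinary email, a ciphertext altered in transit is detected because the authentication tag no longer matches.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// newKey returns a fresh random 256-bit key, the upper end of the 64 to 256
// bit range discussed above. The very same key must reach the recipient over
// a separate secure channel: that is the key-distribution problem.
func newKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// encrypt turns plaintext into ciphertext with AES-256-GCM. The output is
// nonce || sealed data; the sealed data ends in a 16-byte authentication tag,
// so any alteration in transit becomes detectable.
func encrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // must never repeat under one key
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// decrypt recovers the plaintext. It returns an error, not garbage, when the
// key is wrong or when any bit of the ciphertext has been changed.
func decrypt(key, ciphertext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(ciphertext) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, sealed := ciphertext[:gcm.NonceSize()], ciphertext[gcm.NonceSize():]
	return gcm.Open(nil, nonce, sealed, nil)
}

func main() {
	key, err := newKey()
	if err != nil {
		panic(err)
	}
	msg := []byte("Meet at noon.") // constructed sample message
	ct, err := encrypt(key, msg)
	if err != nil {
		panic(err)
	}
	fmt.Printf("ciphertext (%d bytes): %x\n", len(ct), ct)

	pt, err := decrypt(key, ct)
	fmt.Printf("same key:  %q err=%v\n", pt, err)

	// Without the shared key the reader gets an error, not the message.
	otherKey, _ := newKey()
	pt, err = decrypt(otherKey, ct)
	fmt.Printf("other key: %q err=%v\n", pt, err)

	// A ciphertext altered in transit does show traces: the tag check fails.
	tampered := append([]byte(nil), ct...)
	tampered[len(tampered)-1] ^= 0x01
	pt, err = decrypt(key, tampered)
	fmt.Printf("tampered:  %q err=%v\n", pt, err)
}
```

The integrity check comes from GCM's authentication tag; a bare block cipher mode without one would happily return altered plaintext, which is why modern symmetric schemes pair encryption with authentication.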
Asymmetric ("Public-Key") Cryptosystems
Asymmetric cryptosystems solve the problem of secure key distribution
through the use of two different keys. One for encryption, and another
for decryption.
The encryption key is made public, and is known
as the public key.
The decryption key is kept
secret by its owner, and is known as the private key,
or the secret key.
The public and private keys in an asymmetric cryptosystem
are linked to each other through a mathematical relationship
such that a message encrypted using a certain public key
can only be decrypted using the corresponding private key.

There is no need to keep the public (encryption) key secret in order
to prevent unauthorized decryption of an encrypted message, as the
decryption operation requires the secret key, not the public key.
So it is easy to distribute public keys over insecure networks,
enabling encrypted communications without the need for secure key
distribution.
You can publish your public key on the Internet, enabling anyone to
encrypt messages "for your eyes only". These messages can then be
decrypted and read only by you, using your private key.
This solves the problem of secure key distribution, and enables ad-hoc
secure messaging without the need to agree on a shared secret key
first.
Digital Signatures
Asymmetric cryptosystems also enable secure digital
signatures for messages, to assure the recipient that
a message really did originate from the person who apparently
sent it.
With normal email, it's really easy to forge a message to make it
look like it was sent by someone you know, or from a company you deal
with.
Such messages could trick you into opening attachments that contain
viruses or trojan programs, thereby granting some kid somewhere
unauthorized access to your computer and all the data on it.
The ease with which From: addresses on email messages can be forged
enables a very wide range of potential abuses, including "phishing"
attacks which can cause victims serious financial losses, or worse.
Digital signatures allow the receiver of an email message to
verify that the message is authentic, and really is from who
it appears to be from, foiling all such attacks.
How do digital signatures work?
Digital signatures make use of the same public and private keys that
we use for encryption with an asymmetric cryptosystem, but using them
in reverse.
The sender signs the message using her private key, and this
signature can only be verified using the corresponding public key.
As only the owner of the private key can produce a signature that can
be verified using the corresponding public key, the receiver can know
that a message is authentic and hasn't been tampered with if it
verifies correctly using the sender's public key.
Of course, a message can be both encrypted and signed. This will
ensure both that it cannot be read by unauthorized parties,
and also that it is authentic and has not been tampered with
en route or forged altogether.
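As an added example covering the asymmetric cryptosystem section above as well as this one on digital signatures, here is a message that is both signed and encrypted, written for this page and not code from Neomailbox or from any OpenPGP implementation. It uses RSA from the Go standard library: RSA-OAEP for encryption with the recipient's public key and RSA-PSS for signing with the sender's private key, that is, the same key pair used "in reverse". The names (signedEnvelope, sendSigned, receiveSigned and the others), the two parties Alice and Bob and the sample message are assumptions made for the example. One simplification is marked in the code: OpenPGP wraps the signature inside the encryption using a one-time symmetric key, whereas plain RSA-OAEP can only carry a short message, so the signature travels beside the ciphertext here.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// signedEnvelope is the hypothetical wire format used in this example.
type signedEnvelope struct {
	Ciphertext []byte // message encrypted with the recipient's public key
	Signature  []byte // signature over the plaintext, made with the sender's private key
}

// generateKeyPair creates a 2048-bit RSA key pair. The PublicKey field can be
// published anywhere; the private key stays with its owner.
func generateKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// encryptFor encrypts msg so that only the holder of the private key that
// matches pub can read it (RSA-OAEP with SHA-256).
func encryptFor(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// decryptWith is the recipient's side of encryptFor.
func decryptWith(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// sign uses the private key "in reverse": it signs the SHA-256 digest of msg
// (RSA-PSS) so that anyone holding the public key can check the signature.
func sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// verify reports whether sig was produced over exactly msg by the private key
// matching pub. A changed message or a different signer both make it false.
func verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

// sendSigned is the sender's side: sign with her own private key, then encrypt
// for the recipient's public key. Simplification: the signature is sent in the
// clear beside the ciphertext rather than encrypted along with the message.
func sendSigned(sender *rsa.PrivateKey, recipient *rsa.PublicKey, msg []byte) (*signedEnvelope, error) {
	sig, err := sign(sender, msg)
	if err != nil {
		return nil, err
	}
	ct, err := encryptFor(recipient, msg)
	if err != nil {
		return nil, err
	}
	return &signedEnvelope{Ciphertext: ct, Signature: sig}, nil
}

// receiveSigned is the recipient's side: decrypt with his own private key, then
// check the signature against the public key of the person the mail claims to be from.
func receiveSigned(recipient *rsa.PrivateKey, sender *rsa.PublicKey, env *signedEnvelope) ([]byte, error) {
	msg, err := decryptWith(recipient, env.Ciphertext)
	if err != nil {
		return nil, err
	}
	if !verify(sender, msg, env.Signature) {
		return nil, errors.New("signature does not verify: forged or tampered with")
	}
	return msg, nil
}

func main() {
	alice, _ := generateKeyPair() // sender
	bob, _ := generateKeyPair()   // recipient
	msg := []byte("Invoice 42 is approved.") // constructed sample message

	env, err := sendSigned(alice, &bob.PublicKey, msg)
	if err != nil {
		panic(err)
	}
	got, err := receiveSigned(bob, &alice.PublicKey, env)
	fmt.Printf("bob reads: %q err=%v\n", got, err)

	// Anyone without Bob's private key cannot decrypt, Alice included.
	_, err = receiveSigned(alice, &alice.PublicKey, env)
	fmt.Println("alice decrypting bob's mail:", err)

	// A signature altered in transit (or made with some other key) is rejected.
	forged := &signedEnvelope{Ciphertext: env.Ciphertext, Signature: append([]byte(nil), env.Signature...)}
	forged.Signature[0] ^= 0x01
	_, err = receiveSigned(bob, &alice.PublicKey, forged)
	fmt.Println("tampered signature:", err)
}
```

Note that the recipient verifies against the public key he already trusts for Alice, not against a key that arrived with the message; which public key belongs to whom is exactly what OpenPGP's key distribution and web of trust exist to settle.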
How does Neomailbox use encryption?
Neomailbox provides encryption services at different levels:
- Secure Sockets Layer (SSL) Session Encryption
We use SSL session encryption to protect all communication between
your computer and our servers. IMAP, POP3, SMTP, Web mail, as well as
the entire website, are all accessible over SSL secured
connections.
This protects your communications with the mail servers from
unauthorized interception and/or eavesdropping.
Note that we provide full hardware-accelerated SSL session
encryption for all services which secures all your
communications with our servers.
In contrast, some other services
pretend to offer SSL access, but really only provide SSL-secured
login, and not full SSL session encryption. Beware of such
services!
- OpenPGP encryption
OpenPGP is a widely deployed,
time-tested, open protocol for asymmetric encryption, key
distribution, and digital signatures.
You can download free OpenPGP encryption tools and plug-ins for
popular email programs from our OpenPGP tools page and use
these to secure your communications with OpenPGP.
We will happily assist you with using these tools, if you have any
questions or need any help.
- Encrypted / Signed Support
As a fraud-prevention measure, all mail sent by representatives of
Neomailbox is signed using OpenPGP, and can be verified by checking the
signature against our PGP Public Key or by
using our handy online signature
verification tool.
You can also send us mail encrypted using our PGP public key. If you
send us your PGP public key, we will encrypt our responses to you as
well.
- Secure Authentication
In conjunction with a compatible email program, such as SecureBat!
from Ritlabs, and a hardware authentication token, such as the Aladdin
eToken Pro or Rainbow iKey1000, Neomailbox servers provide
challenge-response based secure hardware authentication.
Using a physical hardware token (a small key-chain sized USB device)
to login to your account can protect your account login information
even when you access your account from an untrusted computer. Read more about hardware
token authentication.
We're working on a number of additional encryption services to
provide enhanced privacy, which will be announced soon.
Try it risk-free
If you care about your privacy online, why not sign up for our
full-featured secure email service.
The service features state-of-the-art anti-spam and anti-virus systems to eliminate virus
and malware threats and identify junk mail, as well as unlimited disposable
email addresses - all integrated into a single service.
And that's not all. With our offshore secure email service you
also receive access to two separate state-of-the-art anonymous surfing proxies which
secure and anonymize your web surfing.
We're so sure you'll love the service that we offer a watertight,
unconditional 30-day money back guarantee if you're not completely
happy with your account for any reason. So try Neomailbox risk-free -
sign up now.