CNET también está disponible en español.

Ir a español

Don't show this again


Yahoo delivers encrypted email

The Web portal quietly introduces a way for people to send scrambled messages through a deal with ZixIt, an email encryption company.

Yahoo has quietly introduced a way for people to send scrambled messages through its email service.

As first reported in August, Yahoo is providing its email encryption option through a deal with ZixIt, a Dallas-based email encryption company. Yahoo will route encrypted email through ZixIt's Web site.

Yahoo and ZixIt representatives declined to comment on the public availability of the service and would not say whether it was an across-the-board launch or a temporary test.

In papers filed with the Securities and Exchange Commission, ZixIt disclosed that the service would launch in the fourth quarter.

Whatever its scope, the introduction of the service makes Yahoo the first major Web portal to offer encrypted email. So far, data scrambling has been the province of tech-savvy computer users willing to use products that require a software download, such as Network Associates' Pretty Good Privacy.

Yahoo's competition in the free, Web-based encrypted email arena comes from smaller players including HushMail and ZipLip.

Some analysts have questioned the value of a mass-market encryption product, suggesting that the odds of an email message being intercepted are infinitely smaller than the danger of compromising sensitive data stored on a lost computer or on a hacked Web server.

Yahoo's free encryption option handles outgoing email messages in a multistep procedure that the portal warns is not foolproof.

"Please be aware that this is not an end-to-end secure service," reads an explanation of the service posted by Yahoo. "This option only avails your recipient of a certain level of security in accessing and reading the email message you are sending. Before your email message is encrypted by it is still subject to the inherent limitations of a standard TCP/IP connection."

Yahoo's new system works like this: Once a message is composed, it travels, unencrypted, to Yahoo, which sends it through a secure connection to SecureDelivery. There, the message and any attachments are scrambled.

SecureDelivery then sends the recipient to a Web page, secured by Secure Sockets Layer (SSL) and hosted by SecureDelivery, where the message can be picked up and descrambled for up to seven days.

Recipients first have to verify that they hold the specified email account. They then can choose a "pass phrase" that will automatically give them access to future messages.

Under the terms of the deal, ZixIt will pay Yahoo at least $5.7 million during the next two years. On top of that, ZixIt will give Yahoo a cut of revenues "associated with Yahoo users."

ZixIt this month landed a second major client, Entrust Technologies, which will let people using its Entrust/Express encryption product send messages through the SecureDelivery service if their email recipient doesn't have an Entrust certificate. Under that deal, Entrust and ZixIt will divide usage fees and advertising revenues.