VESmail
any non-browser email app
you need email encryption -
Regular email
Regular email is only encrypted (by TLS) while
in transit between devices (blue arrows).
It is not encrypted on any of the four
devices on which it is indefinitely stored once sent.
Unencrypted email stored on the sender's and recipient's email servers (red boxes)
is the biggest hacking vulberability to email.
VESmail
With VESmail, the sender's email is stored in an encrypted state
on both servers (blue boxes).
This eliminates the biggest vulnerability with email.
Why
Email works universally because it’s free.
To work universally, encrypted email must also be free.
For Individuals
Free.
No watered down version.
No limitations.
Get started
For Enterprise
Free trial on a monthly basis.
At month's end you can easily extend the monthly trial,
if you need more time to evaluate.
No credit card info needed to sign up.
Cancel any time without obligation.
Eventually, a paid account is required.
Or,
simply have employees use the free Idividual VESmail product,
but forgo the additional benefits of VESmail Enterprise.
Get started
Safety AND Security
Prior to VES, users of encryption had to choose between safety and security.
They could opt for the full security of undiluted end-to-end encryption,
but with no safety of recovering content if the key is lost.
Or, they could choose safety by sharing copies of keys with others,
but in the process dilute the security and privacy of encryption.
VES sets a new paradigm that allows for the full privacy and security of undiluted e2e encryption,
AND the safety of recovering encrypted content if the key is lost
making e2e encryption pracitcal for mainstream use.
To learn more about VES the and risk odds from key loss,
visit VESvault.com
and in particular the The Math page -
an interactive cacluator to estimate risk under different scenarios.
Convenience
Convenience starts with not needing to have a special email
account to use encryption.
With VESmail you keep your existing IMAP email account,
all your past email messages and all your contacts.
But VESmail takes convenience to a whole new level.
Selecting the AUTO option in the VES encryption settings
allows for seamless, set & forget operation.
The VES app operates invisibly in the background -
enacting VES encryption on emails sent to other VESmail users,
while not using VES on emails sent to those who don't use VESmail.
This means your recipients who don't use VESmail don't need to do any extra
inconvenient steps to read your emails, so you don't have to hear them
complain to you to stop sending them encrypted messages.
You never have to think twice about sending an email -
because anything less is less than convenient.
Universality
VESmails works with all IMAP email accounts.
It works with all non-browser email clients/apps.
It works on all iOS, android, macOS and windows devices.
It works for both enterprise and personal emails accounts.
The same VESmail app on any device handles unlimited enterprise
and personal email accounts.
Simply download the VESmail app to any device, connect all the
email accunts and all the email apps you use on that device and
you're good to go!
Safety AND Security
VES provides the security of undiluted end-to-end (e2e) encryption,
and the safety of recovering content if the key is lost,
eliminating the prior tradeoff between
security and safety.
This new combination finally enables e2ee (end-to-end-encyrption)
to be practical for mainstream use with email.
Security
There are no shared keys on a server or anywhere else,
eliminating that common backdoor vulnerability.
Neither is there a collusion risk that friends who can
assist in recovery can rebuild a key and access your content.
With those two vulnerabilities mitigated, the
security of e2ee is uncompromised.
Safety
VES provides a means of recovery from key loss
that can acheive a failure rate of lower than 1 in 14 trillion.
Simply, VES can achieve new benchmark levels of safety from key loss.
Visit The Math to learn more about VES and the variable odds of VESrecovery.
VES is a SAAS
This unique combination of safety and security is the basis behind VES being
offered as a stand alone SAAS (Software As A Service)
to other SAAS providers. They can integrated VES into their products
and extend the benefits of VES to their users.
In fact, VESmail is the first example of this. When creating a VESmail account, a user is
also simultaneously creating a VES account for the exact same email address. The PIN is actually
associated with the VES account and is used for key management and key loss VESrecovery.
These PINs and VES accounts can be used to recover lost encrypted
content for any SAAS provider that integrates with VES.
Vist VESvault.com for more information about VES and VES as a SAAS.
Setup
You and your posse download the VESmail app
to each of your devices. Then add your email accounts and
adjust the settings to your email apps, but leave
the VES encryption in the default AUTO setting.
Lastly, list each other as friends in VESrecovery and
you're done.
What happens
Use your email exactly as you did in the past. In AUTO mode, every time you press the Send button, VESmail automatically decides whether to encrypt the message or not. Emails sent to your posse, or anyone else with a VESmail account, will be encrypted. Emails sent to everyone else will not be encrypted.
Benefits of set & forget
You never need to think about email encryption again.
You have the peace of mind that all information shared with your posse is secure and private with
e2ee.
And, you never need worry about switching off encryption when sending to others who don't
have a VESmail account because that's done automatically. You don't inconvenience them
with the extra manual steps of decrypting your emails, and they don't inconvenience you
by complaining that opening your encrypted emails is a hassle.
This set & forget email encryption functionality is
the way e2ee email should be...the way it must be.
Corporate Compliance
Without the ability to access user encrypted emails,
email encryption just doesn't work for corporations. There
must be oversight to ensure users are not engaging in questionable
activities or misrepresenting the enterprise.
VESmail provides oversight for corporate compliance by
enabling the enterprise admin to designate email addresses that are coppied
on all emails sent by users as well have the encryption key.
To ensure this functionality is not abused, there are a number of safeguards.
First, there is an invitation/rsvp process for admitting email addresses to the enterprise instance.
An invitation is sent to the potential user when the enterprise admin adds the email address
to the Access List. The owner of the email is alerted to the access rights and must accept
the invitation to join the Access List.
In addition, the enterprise admin can only send invitations to email addresses that have the same
domain as the one the admin used to create the corporate instance.
VESrecovery Inheritance
A key aspect of VES is VESrecovery, whereby the user can recover encrypted content
is the encryption key is lost. Critical to VESrecovery is that each user must select
a group of friends to assist them in VESrecovery.
VESrecovery Inheritance gives the enterprise admin the ability
to pre-select a group of friends that each user immediately
inherits when joining the enterprise instance, bypassing the need for
users to select a group of friends themselves. Users can add/delete
friends to their network afterwards. This gives the entire enterprise an immediate,
robust VESrecovery network to ensure against key loss.
For more information about VES and VESrecovery, vist VESvault.com
Any size enterprise
VESmail is completely independent of size and works just as well for a two person enterprise as it does for a massive enterprise. The same software, same setup process, same tools, same everything are used for all cases without limitations and without special considerations. It's plug-and-play regardelss of size.
No IT skills needed
Anyone can setup and run VESmail enterprise without any IT skills. Once set up, the only periodic administration that may be required would be to change the user access, which also requires no IT skills.
No company server needed
For simplicity and convenience, VESmail enterprise was designed so that your enterprise instance is created on our server. It can be left there and your enterprise will still have full e2e encryption. Or, if you have a company server, you can easily migrate your enterprise instance to your server.
Setup in seconds
For any size enterprise, it only takes about 30 seconds to setup the enterprise instance.
It then takes about another one to three minutes to configure your Enterprise Compliance and VESrecovery
Inheritance. All of this is easily done through the browser
based VESmail interface.
The amount of time it takes to add users to your instance depends on the number of users. The VESmail interface
allows you to type in the name section of the email address (the part before the @) one at a time. For larger
enterprises, that have a server and an IT function, bulk uploads of user email addresses are possible.
That's all there is to setup.
No scalability issues
If you're a two person firm, you're not too small for VESmail enterprise. Then, you can forget about scalability no matter how large or fast your grow. The only thing you need do is add names to your User Access List, which can be hundreds of thousands long and still present no scalability issue to you.
Set and forget admin
Once you setup your instance, Enterprise Compliance, and VESrecovery Inheritance, you really never need bother with them again. Your only ongoing task is to keep your User Access List up to date - adding and removing users as needed. It doesn't matter how small or big your enterprise is, that's really all there is to it.
Simple to add/delete users
Log into your VESmail account, go to the User Acces List page, enter the email address to add a user or select the delete button next to an existing email address to remove the user. That's it.
Compliance/oversight of user emails
To ensure that users are not engaging in nefarious or negligent activity through their
encrypted email correspondance, VESmail provides a means of oversight. The administrators
of your enterprise instance can designate email addresses from your User Access List
to have encryption key access, and be coppied on all encrypted emails sent by all users on your Access List.
You can designate a real user email address or create an email address designated for this purpose but shared
by multiple actual people, so that the regular inboxes for your auditors won't be innundated with these emails.
Set & forget user experience
Vesmail works seamlessly and invisibly in the background. This means your users never have to think about selecting any encryption settings when sending an email. They just press the send button without a second thought.
No user training
Since VESmail works seamlessly and invisibly, you don't have to retrain your enterprise users on how to use email. They simply continue using it exactly as before. No training, no training documents, nothing to update.
Universal to your universe
Since VESmail works with all IMAP email accounts, all non-browser email apps and all standard operating systems
and devices, it works with everything in your enterprise universe. It fits in with all the personal laptops, phones
and tablets that your users use. Moreoever, since the same VESmail app downloaded on their devices works for any
personal or enterprise VESmail account, you get the additional benefit of your users expanded VESrecovery network
in ensuring VESrecovery for the encrypted emails through your instance. And, you get this for free.
An Instance
An Instance is a copy of software code. The VESmail Instance you
use is where encryption and decryption takes place for your VESmail account.
You can have a differenct Instance for each email account but only one Instance for
each account. A single instance can be used for multiple email addresses, which is
the case of the VESmail app on one of your devices.
Location
The Instance you use can reside anywhere: your device, company server, home server,
your server in the cloud and you can even use the VESmail public Instance located
on our server in the cloud.
In all cases, the code is exactly the same and your outgoing emails are stored in
an encrypted state. That's the most important thing in keeping your info secure.
If you use an Instance on a hardware device under your direct physical control, it
is technically called end-to-end-encryption (e2ee) because you don't have to trust that anyone
is survelying your information as it is being encrypted or decrypted. You have e2ee
when your Instance is on your device, on a server in your house or on a company
controlled physcial server.
Email path
When you send an email, it is encrypted by TLS and is sent to your VESmail Instance,
wherever it may reside.
At the Instance, the email is decrypted from TLS and re-encrypted with state-of-the-art
encryption used by VES. It is then additionally encrypted with TLS and sent to your
Outgoing email server.
When it arrives at your Outgoing server, the email is decrypted from TLS, but it
remains encrypted with VES; the server doesn't have a key to decrypt VES. The email is stored in this VES encrypted state. It is also re-encrypted
with another round of TLS and sent to the recipient's Inbox server.
The process is repeated at the Inbox server where the email is again stored in
the VES encrypted state, and also sent to the recipients device.
If the recipient has a VESmail account, the recipient's Instance receives the email
before it gets to the recipeint's email app and it is decrypted from the VES encryption.
If the recipient does not have VESmail, they will need to enter a PIN to create/use a VES
account to read the email. (they do not need to have a full VESmail setup to read the email.)
How VES recovery works
Visit VESvault.com and watch the video to see how VES recovery works.
A relay
SNIF (Server Name Identification Forwarding)
is a relay that exists in the cloud that serves two purposes.
First, in most cases, SNIF is a relay enabling direct e2ee communication
between your local email and VESmail apps.
It may sound odd that two apps on your device are talking to each other through a relay
in the cloud, but there's a very good reason for this and it doesn't slow anything down.
Trusted TLS for the VESmail app
Second, in all cases, SNIF is a way of achieving publicly trusted TLS certification in conjunction with full e2e TLS encryption for a unique host name owned by the VESmail app. Having this level of trust and security at the app level was previously not available. This gives your local VESmail app a level of trust that is universally recognized by all platforms and all email apps.
Achieving utility level status... & more
Through SNIF, the VESmail app achieves universal trust, essentially giving
it utility level status.
SNIF has potential that extends beyond VESmail, so we made it open source with the
thought that it could be used to enable a fully e2e solution for The Internet of Things.
An internet draft on SNIF has been submitted with IETF regarding this potential and as a result,
IoTSF has requested our CTO to join their workgroup tasked with solving this problem.
Learn more about SNIF