What you didn’t know about Email Encryption

Mar 03, 2014
Mike Bridges

Our story focuses on a Financial Services (Mortgage, Securities, Insurance) Company with 25 employees. What this Company does in the supply chain is irrelevant; the fact remains the same: they manage non-public information (NPI) as a third party. The Company is required by law, regulation or rule to protect third party NPI and log who had access to it. The Company has the potential to do business with 200 trading partners as they conduct their business. Now let’s see their secure email options and what they really cost.

First, their choice of solution has an underlying architecture which directly impacts how much money they’ll spend each year. Three fundamental choices are available: Transport Layer Security (TLS), Vendor Solution and PaperClip eM4 Compliant Email.


TLS as a “Point to Point” architecture has been positioned as a Silver Bullet: simply install a commercial certificate on my mail server and I’m done. The average commercial certificate costs $900 per mail server per year. No, you’re far from done; now you need to test your trading partners and verify your mail actually traveled encrypted to the receiver. Because only the receiving party can tell whether TLS was used, you must talk to them and interrogate the received email headers. Yes, this requires a professional with knowledge of email headers, because different email servers document it differently.

TLS Verification Testing is required at least twice a year for minimal compliance documentation. This testing verifies that changes your trading partners may have made in the last six months did not break TLS. It does not guarantee your email will be encrypted tomorrow; it tells you whether your emails were or were not encrypted since the last test.
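
The header check described above, as an added example (not the author's or PaperClip's code): it reads each Received header of a delivered message, recognises the TLS wording used by several common mail servers, and lists the hops recorded without TLS. The sample message, host names and function names are constructed for illustration.

```python
import re
from email import message_from_string

# Each mail server words its TLS evidence differently in the Received header.
TLS_STYLES = [
    ("postfix", re.compile(r"\(using (TLSv[\d.]+) with cipher", re.I)),
    ("version-tag", re.compile(r"\bversion=(TLS[\w.]+)", re.I)),  # Gmail, Exchange
    ("exchange-legacy", re.compile(r"SMTP Server \((TLS)\)", re.I)),
    ("rfc3848", re.compile(r"\bwith (?:ESMTPSA?|LMTPSA?)\b()", re.I)),  # S = TLS
]
HOP = re.compile(r"(?:from\s+(\S+).*?)?\bby\s+(\S+)", re.I)

# Constructed sample: three hops, newest first, the oldest one without TLS.
SAMPLE = (
    "Received: from mail.company.example (mail.company.example [192.0.2.10])\n"
    "\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n"
    "\tby mx.partner.example (Postfix) with ESMTPS id 4F1C2A;\n"
    "\tMon, 3 Mar 2014 10:00:02 -0500\n"
    "Received: from exch01.company.example (10.0.0.5) by\n"
    " mail.company.example (10.0.0.6) with Microsoft SMTP Server\n"
    " (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.1;\n"
    " Mon, 3 Mar 2014 10:00:01 -0500\n"
    "Received: from desk17.company.example ([10.0.0.77]) by\n"
    " exch01.company.example with ESMTP id 9A77; Mon, 3 Mar 2014 10:00:00 -0500\n"
    "From: a@company.example\nTo: b@partner.example\nSubject: test\n\nbody\n"
)

def tls_report(raw_message):
    """Return one dict per Received header, newest hop first."""
    report = []
    for header in message_from_string(raw_message).get_all("Received", []):
        line = " ".join(header.split())  # unfold continuation lines
        hop = HOP.search(line)
        entry = {"from": hop.group(1) if hop else None,
                 "by": hop.group(2) if hop else None,
                 "tls": False, "version": None, "style": None}
        for style, pattern in TLS_STYLES:
            found = pattern.search(line)
            if found:
                entry.update(tls=True, version=found.group(1) or None, style=style)
                break
        report.append(entry)
    return report

def unencrypted_hops(raw_message):
    """Hops (from, by) whose Received header carries no TLS evidence."""
    return [(h["from"], h["by"]) for h in tls_report(raw_message) if not h["tls"]]

print(unencrypted_hops(SAMPLE))
```

Each Received header is written by the server that accepted the message, so the result is only as reliable as those servers, and a hop with no recognised wording is reported as unencrypted even if the server simply does not log TLS.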

TLS Solution (table rows): IT Professional Salary; Number of Trading Partners; TLS Verification Time (Hours); Total Time to Verify (Hours); Total Time to Verify (Weeks); Salary to Verify TLS; Bi-annual TLS Verification; Certificate Cost; Annual TLS Cost

TLS does not satisfy the compliance reporting requirement for “who had access to NPI” because very few email servers report on receiving TLS. This means that if you’re audited for email compliance, you’ll have to rely on your trading partners for the evidence that TLS was used.

Vendor Solutions

Selecting a Vendor product or service is the next option; the fundamental flaw here is a “One to Many” architecture. The Company can buy an appliance that offers “Rules or Policies” which scrub every email looking for NPI. If NPI is detected, the email will invoke TLS or route to a Webmail where customers log in and review mail.

Appliance Solution (table rows): IT Professional Salary; Annual Appliance Cost; Rules/Policy Maintenance (Hours per Week); Annual Rules/Policy Maintenance (Hours); Annual Rules/Policy Maintenance (Weeks); Annual IT Rules/Policy Maintenance Cost; Appliance Cost

Webmail requiring authentication frustrates receivers because they have to use logins and passwords to review their emails. Logins have a hidden cost: time lost. According to an analysis of 5 million emails from Baydin, an email management service, the average email user gets 147 messages per day. Within the financial services industry, 50% of those emails carried NPI and required encryption. Receiving an email, clicking on the link and logging in takes on average 15 seconds. The Company now receiving Webmail loses $32,000 a year in lost time.

Webmail Solution (table rows): Encrypted Emails per Day; Minutes a Day to Login; Hours a Week to Login (40 Hours/Week); Hours a Month to Login; Hours a Year to Login; FT Cost per Hour @ $35K; Cost per year to open Encrypted Email per employee; 25 Employees

Vendor Solutions may or may not offer reporting for "who had access to NPI".  Therefore, if our Company selects a Policy based Encryption Appliance with TLS and Webmail options, they are paying in hard and soft dollars - $65,000 per year.

Vendor Solution Direct & In-direct Cost (table rows): Annual Appliance Cost; Annual TLS Cost; Annual Webmail Cost (25 Employees); Annual Vendor Cost

eM4 Compliant Email

eM4 was designed by users with several core objectives, basically everything they didn’t like about the current landscape.  Its "Many to Many" architecture provides the optimal model eliminating the cost of support and maintenance while maximizing compliance.  At the top of their list were no logins or passwords, absolute encryption rules and compliance reporting.  They wanted a friendly B2B environment where the user didn’t have to think about NPI or depend on their IT Staff to maintain Scrubbing Policies.  As third parties in a supply chain the majority (89%) of their traffic was with their trading partners (B2B) and 11% was with the end customer (B2C). 

eM4 Service 2007 - 2013

B2B & B2C

Subscribers wanted deployment options because one size doesn’t fit all. Some wanted in-house deployments. Those who outsourced to public or private Cloud providers wanted to participate without being forced into the Cloud provider’s solution, so they wanted PaperClip to host the Relay. Some wanted a simple email client option as a Private eM4 Cloud.

Relay Type

Pricing was also important: the community wanted everyone from the largest user down to the smallest to be able to participate.

eM4 Solution (table rows): IT Professional Salary; Setup Time (Days); IT Setup Cost; eM4 Enterprise Relay Cost; eM4 Full Subscriber Rate (25 or less); Number of Employees; Annual eM4 Cost

eM4 Compliant Email is a fast growing service that does more than encryption. It balances user friendliness with compliance at an affordable price.

