Encrypted in transit
TLS protects connections between your browser or mail app and Zmail, and is requested for server-to-server delivery. Email delivery still depends on the receiving or sending server supporting secure transport.
Layered defences for your mailbox, honest boundaries for encryption, and controls that stay out of the way.
TLS protects connections between your browser or mail app and Zmail, and is requested for server-to-server delivery. Email delivery still depends on the receiving or sending server supporting secure transport.
SPF, DKIM and DMARC help receiving systems verify legitimate Zmail messages and reject domain impersonation.
Reputation, protocol and content signals work together. Rate limits and subscription verification make automated abuse more expensive.
Administrative access is separate from mailbox access. Sensitive portal actions require server-verified sessions, anti-forgery checks and human verification.
For ready Zmail-to-Zmail recipients, webmail encrypts the body with independent inner and outer AES-256-GCM keys, wraps both keys to every recipient browser with ephemeral ECDH/HKDF, and signs the envelope with the sender device.
A passphrase creates an inner AES-256-GCM layer. A separate visual pattern creates the outer layer. Each input gets its own random salt, key and 600,000-round PBKDF2-HMAC-SHA-256 derivation in your browser.
Automatic ZMath Mail applies only when every recipient is a ready Zmail webmail user, and this release protects the message body—not the subject, addressing metadata, drafts or attachments. Messages to external providers remain interoperable email protected with transport TLS where supported. ZMath Shield separately protects a selected note or file exported as a .zmath vault.
Portal sessions, sign-up flows, mail transport, account operations and optional protected payloads.
Your Google account security, mail password, recovery material, connected devices and the links you open.
No anti-spam or malware system catches every harmful message. Treat unexpected requests and attachments cautiously.
Choose a memorable address and use local protection when a note or file needs it.