Encrypted in transit
TLS protects connections between your browser or mail app and Zmail, and is requested for server-to-server delivery. Email delivery still depends on the receiving or sending server supporting secure transport.
Layered defences for your mailbox, honest boundaries for encryption, and controls that stay out of the way.
TLS protects connections between your browser or mail app and Zmail, and is requested for server-to-server delivery. Email delivery still depends on the receiving or sending server supporting secure transport.
SPF, DKIM and DMARC help receiving systems verify legitimate Zmail messages and reject domain impersonation.
Reputation, protocol and content signals work together. Rate limits and subscription verification make automated abuse more expensive.
Administrative access is separate from mailbox access. Sensitive portal actions require server-verified sessions, anti-forgery checks and human verification.
A passphrase creates an inner AES-256-GCM layer. A separate visual pattern creates the outer layer. Each input gets its own random salt, key and 600,000-round PBKDF2-HMAC-SHA-256 derivation in your browser.
ZMath Shield protects only content you deliberately export as a .zmath vault. Normal messages remain interoperable email: protected in transit where supported and stored on the mail server. Recipients using other providers may have different security. We do not describe standard email as universal E2EE.
Portal sessions, sign-up flows, mail transport, account operations and optional protected payloads.
Your Google account security, mail password, recovery material, connected devices and the links you open.
No anti-spam or malware system catches every harmful message. Treat unexpected requests and attachments cautiously.
Choose a memorable address and use local protection when a note or file needs it.