WebLOQ Creates Private Domains to Secure E-Mail

WebLOQ service seeks to fortify e-mail security by allowing users to create their own e-mail domain names.

Officials at WebLOQ, based in Monterey, Calif., say they can offer businesses a digital safe haven for their e-mail communications with a new service that protects the transit channel rather than the perimeter.

The service, also named WebLOQ, is enabled by a downloadable application and operates as a subset of normal e-mail transmission channels, company officials said. It supports a number of popular e-mail clients such as Microsoft Outlook, Outlook Express, Thunderbird and MacMail, as well as smart phones.

With it, users can create their own private domain name distinct from regular e-mail domain names such as ".com" or ".net", protecting it from problems with public domain and certificate services. The end result is that corporate communications are shielded from hackers and spammers, officials said.

"The whole concept of WebLOQ here is to create...virtual private communities, and inside those communities there is no malware whatsoever. Everybody is known and accountable," said George Sidman, chief technology architect of the three-year-old company.

"You get a new private e-mail address based on your private domain name, and those e-mail addresses manage all of the routing in such a manner so nobody can see your e-mail address on the open Internet," he said.

Sidman added that if spammers were to pick up a WebLOQ e-mail address, anything they send by that method will not route on the Internet. "So the first DNS lookup that they [spammers] do to pick up the IP address for routing will fail."

In order for spammers to use that WebLOQ e-mail address they would have to take over the e-mail client, Microsoft Outlook for example, to get access to the private account on Outlook and park the e-mail message in there, Sidman explained.

"The only way you can get on our network is [to] come from the private account within Outlook or Thunderbird on our secure channel to the lock agent, and the lock agent then handshakes relationship with the server," he said.


Click here to read about how C-level executives are targeted for e-mail attacks.

In other words, even if an intruder were able to get his or hands on a WebLOQ e-mail address, the address is useless unless its sent via a WebLOQ enabled PC, all of which are registered to ensure the identity of users.

"Now if some guy were to spoof a script in a bot that somehow launched Outlook and tried to send anything from there, they would have to ape the entire manual process and, to my knowledge, none of the bots are doing that," Sidman said.

In addition, WebLOQ e-mail is protected using an industry standard, double-encrypted methodology, company officials said.

WebLOQ CEO Neal Smith said the company will work with channel partners as a key part of its go-to-market strategy, and is initially focusing on key markets, including the financial industry and local police, to build up the companys credibility.

WebLOQ Private Email is available for enterprises and as a hosted service, with introductory pricing for individual accounts at $69 per year, with up to three devices allowed per account.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.