Tracking
• Provides certified proof of delivery (PoD)
• Allows recipients to choose between allow PoD to be returned to sender or not reading received email
• Fully integrated into email client application
• Does not rely on existing "optional" recipient agreement to deliver PoD
• Does not rely on redirecting recipients to a website

Encryption
• Sender-enabled (does not require recipients to publish keys or certificates)
• Universal delivery (can deliver to any recipients, whether or not they use Kryptiva's services)
• Secure response (allows non-Kryptiva recipients to respond securely)
• Supports HTML encryption
• Relies on 1024 bit RSA and 128 bit AES^*
• Does not require PKI understanding by either senders or recipients
• Does not rely on redirecting recipients to a website

Authentication
• Provides user with spoof-proof validation
• Authenticates originating organization, not network properties
• Certifies content (emails filtered for spam and viruses prior to signing)
• Automated verification (no need to import certificates)
• Resilient (verifies email fields independently)
• Involves reputation and trustworthiness check before signup
• Allows for immediate reaction in case of improper conduct
• Relies on 1024 bit RSA and SHA-1^*

Coherently Integrated Services
• Single framework (no need to configure and use a patchwork of separate technologies)
• Incrementally upgradable (no upfront capital expenditures for either hardware or software)
• Software freely provided as part of service signup

Orthogonality
• Infrastructure-independent (no infrastructure modification whatsoever)
• LAN-based (no perimeter box needed or email infrastructure outsourcing⁺ required)
• Seamless integration (coexists with existing servers and software without adding any load or perturbation)
• Mail protocol-independent (compatible with all mail server software on the market)
• Graceful service failover (in case of problem, email degrades to its existing insecure functionality)

Full LDAP Integration
• LDAP-controlled access to security services
• Sender authorization (ex.: determine if the sender is authorized to sign email on behalf of organization)
• Decryption authorization (ex.: allow decryption only if the recipient is part of the recipient list)
• No per-user keys or certificates

Per-User Access Control
• Encrypted emails stored as-is (no system administrator can "accidentally" read email on mail servers)
• Separate decryption database locally stored on user PC or portable storage device

Undroppable Attachments
• Attachments are transmitted as part of the encrypted email body and restored at reception
• Attachments cannot be dropped by overzealous mail filters

Protocol-Level Security
• Security mechanisms cannot be bypassed by reverse-engineering or hacking of the software

Intuitive Cryptographic Functionality
• Disposable keys (limited impact of private key loss and trivial replacement)^*
• Inaccessible private keys (neither users nor system administrators have access to private keys)
• User-comprehensible interface (cryptography details buried in lower layers)

Stateless Operation
• Email delivery follows conventional path
• No storage whatsoever at any intermediary location or web server for delivery to recipients

Friendly yet Inherently Secure User Interface
• Free email client plugin
• Incremental user experience (security is a simple add-on to existing habits, no new skills required)
• No need for recipients, whether or not they are Kryptiva members, to be redirected to any website