PGP email encryption

[Meni Milstein <meni () msec co il>]

I am testing solution for one of my clients that is looking into buying an
off the shelf email encryption program.
This client is basically dealing with world-wide customers and is looking
for the easiest way to send encrypted emails over the internet.

Looking at a project like PGP, where you install the PGP Universal on a
dedicated server, I really can't find much of a difference between having a
secured email server with web access. and here's why.

PGP works (basically) as a mail relay. You send an email to someone and that
someone receives a notification that a secure email message has been sent to
him. He then follows a link to read the message through some kind of web
access client that is actually located on MY PGP dedicated server. So the
message contents don't really leave my organization.

If I were to create a simple mail server, say on a linux box, with SSL
capabilities, I would then theoretically have the same secure environment
would I not? After all, the encrypting possibilities provided by PGP are
more or less standard, aren't they?

Also - what if I were to implement POP3 capabilities to that linux mail
server? Wouldn't using SSL POP3 and SSL SMTP access give me more or less the
same protection?

As far as I can see, aside for the fact that PGP sends a notification to the
receiving user about the new message, PGP gives me no added value (for email
protection).

Am I wrong?

Sincerely yours,
Meni Milstein
www.msec.co.il
P.O. Box 1124 Ramat Hasharon, Israel 47100