Zoom Mail and Calendar Services Explainer

This document is an introduction to the Zoom Mail and Zoom Calendar Services, not to be confused with the Zoom Mail and Zoom Calendar Clients. This section primarily details an overview of the Zoom-provided services for email and calendaring, with limited reference to the Zoom Mail and Calendar Client features.

Zoom Mail Service

The Zoom Mail Service is a security-focused email service, featuring client-side encryption within Zoom desktop and mobile clients.

Zoom Mail is Zoom’s native email service, designed to consolidate and integrate user workflows into one common application for email, calendaring, meetings, phone, and more. Zoom Mail features client-side encryption and access exclusively through Zoom desktop and mobile clients.

The Zoom Mail Service supports core email features and functionality

The Zoom Mail Service supports core email features and functionalities, including but not limited to an inbox, outbox, drafts, sent messages, email archiving, searching, filters, starring, custom labels, distribution lists, signatures, vacation messages, and more.

The Zoom Mail Service is initially targeted at small-to-medium businesses that focus on security and privacy

At its current stage, the Zoom Mail Service is designed and focused for small-to-medium businesses with 50 or fewer employees that are interested in additional email privacy.

Optional Zoom Mail Service Offerings

The Zoom Mail Service offers optional end-to-end encrypted email between active Zoom Mail Service users

Email sent directly between two active Zoom Mail Service users can be protected by end-to-end encryption, depending on certain factors such as whether the sender and receiver have already generated encryption keys, whether they are running the latest Zoom client version, as well as the configuration of user or account level settings. The user interface will indicate when the email a user is about to send will be end-to-end encrypted. Emails are encrypted using client-generated encryption keys and TLS 1.2 while in transit. Although Zoom Mail Service emails are stored and processed using Zoom’s infrastructure, by design, Zoom cannot access email content due to client-side encryption methods. More information on Zoom Mail Service encryption can be found in our Encryption Whitepaper.

Emails between the Zoom Mail Service and third-party email providers are encrypted when stored by Zoom

Emails between Zoom Mail Service users and those using third-party email services are encrypted when stored by Zoom. The Zoom Mail Service encrypts incoming emails from third-party email services with client-controlled keys as soon as possible upon receipt and does not retain access to the contents of outgoing emails to such services after they are successfully sent. A copy of outgoing emails to external accounts is encrypted with client-side keys, and is persisted so the sender can review them in their Sent folder.

Personal copies of outbound emails are stored with encryption in the sender’s Sent folder on Zoom Mail Service servers

Personal copies of all outbound email are stored with encryption within Zoom Mail Service servers in the sender’s Sent folder. By design, Zoom Mail Service servers do not have keys to decrypt these emails after they are successfully sent.

Zoom Mail Service offers plain text or expiring emails for recipients using third-party email providers

When emailing non-Zoom Mail recipients, users can choose to send plain text or expiring emails, with both email methods protected by TLS 1.2 in transit whenever possible.

Expiring emails are time sensitive and contain an embedded password within the URL

Expiring emails send recipients an email with a time-sensitive link to the original email, with a password embedded in the URL. After the link is sent, the Zoom Mail Service does not retain a copy of the password, exclusively allowing access through the URL.

Expiring emails are encrypted at rest within Zoom Mail Service servers and must be set to expire in one day, week, or month from its postmark. After an expiring email expires, the link is invalidated and the message’s public-facing content is deleted from Zoom Mail Service servers; however, a separate, private copy may persist within the sender’s Sent folder.

Emails sent to a distribution list are not end-to-end encrypted

Emails sent to a distribution list are not end-to-end encrypted, even if all users are Zoom Mail Service accounts. Users must send distribution list emails using plain text or password-protection.

The Zoom Mail Service does not support webmail at this time

At beta launch, the Zoom Mail Service does not support web-based browser sessions. Users must access their Zoom Mail from an authorized device and supported client.

Zoom Mail Service Features

Users on a Business account or higher have 100 GB of Zoom Mail Service storage

Zoom Mail Service users belonging to a Business account or higher are granted 100 GB of email cloud storage. Users belonging to Pro-level accounts are granted 15 GB of email cloud storage. This storage is unique to the Zoom Mail Service and cannot be used for other cloud storage like cloud recordings.

The Zoom Mail Service includes built-in spam and security features

To prevent spam email, Zoom Mail uses industry standard protocols and techniques, such as:

• Domain-based Message Authentication Reporting & Conformance (DMARC)

• DomainKeys Identified Message (DKIM)

• Authenticated Received Chain (ARC)

• Strict Transport Security (MTA STS)

• Account admins can additionally block or approve specific email domains through Zoom support At beta launch, account admins can request to block or approve incoming mail from specific domains through a Zoom support ticket.

• Users can report email addresses that send spam and phishing attempts, and block senders Users can report email addresses that send spam or phishing attempts within the Zoom Mail Client. Zoom will collect this information and may take action against the sender to prevent future messages. Users can additionally block sender addresses on an individual level. Received messages sent by blocked senders are automatically placed into a blocked folder and are purged over time.

• The Zoom Mail Service is not compatible with third-party email hygiene or additional services at this time On beta launch, the Zoom Mail Service is not compatible with third-party vendor programs for email filtration or additional email services.

The Zoom Mail Service supports up to 25 MB in attachment size

The Zoom Mail Service supports attachments up to 25 MB in size for inbound and outbound emails. Inbound emails with attachments greater than 25 MB will be bounced by the Zoom Mail Service. Alternatively, the Zoom Mail Client will prevent Zoom Mail Service users from uploading attachments exceeding 25 MB.

Some features are not available within the Zoom Mail Service at beta release

At beta launch, some features are not available within Zoom Mail. These features include:

Zoom Mail Service emails marked for deletion are deleted after 30 days

Emails marked for deletion within the Zoom Mail Service are moved to a user’s trash bin and are deleted after 30 days. This 30-day retention period is not adjustable at this time.

Existing emails cannot be imported into the Zoom Mail Service at this time

At beta launch, the Zoom Mail Service does not support importing existing emails from third-party services.

Users cannot export Zoom Mail Service emails to third-party email services

User emails created or processed through use of the Zoom Mail Service cannot be exported to third-party email services. If a user discontinues their Zoom Mail Service account, their emails remain within the service until deletion.

Troubleshooting mail delivery must be done with Zoom Support

To troubleshoot problems or concerns related to mail delivery with the Zoom Mail Service, customers must reach out to Zoom Support for additional assistance. The Zoom Mail Service does not include customer-facing troubleshooting tools at this time.

Zoom Mail Service data is stored within US and EU data centers

On beta launch, Zoom Mail Service data at rest is stored within US or EU data centers depending on each user’s profile preferences. Users with a profile set to a European time zone (e.g., CEST) will have a mailbox provisioned within EU data centers. Customers with non-European time zones (e.g., PST, CST, MST, EST, etc.,) will have a mailbox provisioned within US data centers. Please consult your account team for more information on Zoom Mail Service data residency, or visit our support center for more information on changing your profile’s time zone.

The Zoom Mail Service supports English-only at this time

On beta launch, the Zoom Mail Service exclusively supports the English language.

Zoom Calendar Service

The Zoom Mail Service also comes with the Zoom Calendar Service. With the service, users receive a fully functioning calendar within the Zoom client, complete with features for scheduling meetings and appointments for themselves, or on behalf of other users if authorized.

Users with the Zoom Calendar Service can schedule, update, and delete calendar events within the Zoom Calendar Client

Users with a Zoom Mail Service and Calendar Service account have full access to basic calendaring functionality within their Zoom client. This includes the ability to schedule, update, or delete calendar events.

The Zoom Calendar Service includes an external calendar booking feature

Zoom Calendar Service users can configure external calendar booking services for their account. With this feature, external contacts can schedule appointments directly to the user’s calendar without any additional third party integrations.

The Zoom Calendar Service supports shared and resource calendars

With the Zoom Calendar Service, users can create shared, generic calendars for teams or general purpose. The Zoom Calendar Service also supports resource calendars for resource reservations, like conference rooms or other workspaces.

The Zoom Calendar Service also supports scheduling privilege on other user’s calendars

Authorized delegates with access to a user’s calendar within the Zoom Calendar Service and scheduling privilege for Zoom Meetings can schedule meetings directly to the user’s calendar on behalf of the user within the Zoom client. Meetings scheduled this way are automatically scheduled under the calendar owner’s Zoom account, but can be manually scheduled under the delegate’s account if desired.

Availability

Zoom Mail and Calendar Services are available to US and Canada commercial Zoom users with a paid license of any kind. The Zoom Mail Service is not available to Zoom for Government customers at beta launch and is not available to commercial free user accounts without a license.

The Zoom Mail Service supports custom domains for Zoom One customers on a Business account or higher

Companies on a Zoom One Business plan or higher will be able to set up the Zoom Mail Service with a custom email domain with proven ownership. Zoom does not provide domains for purchase and must be purchased through alternative providers.

Users without a custom domain will have an @zmail.com address

Users on accounts without a custom domain will use the email domain @zmail.com.

Custom email domains must be exclusive to the Zoom Mail Service while in-use

Custom email domains in-use with the Zoom Mail Service must be exclusive to the Zoom Mail Service and cannot be used in additional email services concurrently. For example, customers cannot split users of the same company domain between the Zoom Mail Service and Google Workspace or Microsoft 365. Customers looking to test the Zoom Mail Service should consider using a subdomain or alternative domain to prevent service disruption for users.

Zoom Mail Service and Calendar Service Functionality

This section details functionality and additional information for the Zoom Mail and Calendar Services.

Admins can enable the Zoom Mail Service and Calendar Service on an account or group level

Account admins or authorized users can enable the Zoom Mail Service and Calendar Service for the entire account or on a group level. Refer to our support documentation for more information on enabling the Zoom Mail Service and Calendar Service.

The Zoom Calendar Service does not use end-to-end encryption, but events are transmitted over TLS 1.2

The Zoom Calendar Service does not use end-to-end encryption for calendar events. This design allows interoperability between the Zoom Calendar Service and other calendar service providers; otherwise, calendar events and invitations would be unreadable to external parties. However, calendar events are transmitted using TLS 1.2 whenever possible for encryption in transit.

The Zoom Mail Service features device-based encryption keys, which are used to grant new devices access to old data

As a part of the design of the Zoom Mail Service, all authorized devices generate device-specific keys, in addition to per-user keys that are shared between all other authorized devices. Per-user keys are the encryption keys used to encrypt and decrypt email content on each authorized device.

When adding additional Zoom Mail Service devices, new per-user keys are generated and shared between all devices, allowing equal access to all new data; however, newly added devices do not have immediate access to older data or older per-user keys as a security measure.

Already-authorized devices can share previous per-user keys to grant new devices access to old data. If the new device is not granted access by an already-approved device, the new device cannot decrypt or access historical emails. If the device is granted access, the devices exchange the previous per-user key(s) in a private key exchange using each device’s device-specific key pair.

Authorized devices can revoke other authorized device access

Any authorized device can revoke another device’s access to Zoom Mail Service content. In the event a device’s access is revoked, the device’s keys are invalided and per-user keys are rotated between all remaining authorized devices.

Users can generate backup keys to restore access if lost

Because each additional device must be approved by an already-authorized device, users can lose access to their Zoom Mail Service data if all authorized devices are unavailable or lost. To avoid this scenario, users can generate and store backup keys to grant access to their account in the event of an emergency. Users are encouraged to take advantage of this feature, as Zoom cannot add devices or grant access on behalf of users or an account.