SECURING
Encrypt outgoing, incoming, and saved mail to protect messages while they are in transit and stored in mail databases on the server. Users can encrypt outgoing mail messages sent to recipients who use either Notes® or S/MIME. If recipients prefer to receive mail in MIME format, then encrypted mail will be in S/MIME format. Users can encrypt incoming and saved mail only if they use Notes mail.
Parent topic: Mail encryption
To encrypt outgoing mail
About this task
Encrypting outgoing mail ensures that only the recipient of a message can read it while the message is in transit, stored in intermediate mailboxes, or in the recipient's mail file.
Each Notes client user must encrypt outgoing mail. The administrator cannot encrypt all outgoing mail on a server.
Senders control the choice of MIME format or Notes format when sending mail directly to the Internet or for messages that are addressed to Internet addresses. Mail recipients control the format of incoming mail in their user preferences. The message format determines the choice of encryption method.
Notes uses S/MIME encryption for outgoing mail in the following situations:
Some recipients may have dual Internet certificates, meaning one certificate is for encryption and the other is for signatures and SSL. If the recipient uses dual certificates, Notes extracts the Internet encryption certificate and uses it to encrypt the message.
The sender of an encrypted Notes mail message must have the public key for each intended recipient. The public key can be stored in the Domino Directory, in an LDAP directory that is accessible to the sender, or in the sender's Contacts.
To encrypt incoming mail for a mail file
If users have Editor access to their Person documents in the Domino Directory, they can encrypt all incoming mail they receive. Otherwise, the administrator must complete this procedure for them.
Procedure
1. Open the user's Person document in the Domino Directory.
2. Click Edit Person, and then click Basics.
3. In the field When receiving unencrypted mail, encrypt before storing in your mail file, select Yes.
4. Save the document.
To encrypt saved mail
Users can encrypt drafts of unsent messages and messages that they save after sending. For unsent mail, the message is encrypted only with the sender's public key. For sent mail, the message is encrypted with the sender's and the recipient's public keys.
Only messages saved after this option is chosen are encrypted. To encrypt previously saved messages, users must open and resave the messages. Encrypting saved mail prevents unauthorized access to messages by other users with unauthorized access to the mail server.
Related concepts Mail encryption Setting up Notes clients for S/MIME Dual Internet certificates for S/MIME encryption and signatures
Related tasks Adding a Notes public key to the Domino Directory Adding an Internet certificate and cross-certificate for encrypted S/MIME messages