Signing and/or encryption of emails
This action is valid for the following senders: Local.
This action encrypts or signs emails with the cryptographic keys available in the certificate or PGP key management.
Specify one of the following behaviours for the signature:
- Sign email if a cryptographic key is available for the sender and send all other emails without signature.
- Sign the email with a cryptographic key of the sender or refuse to send the email if no cryptographic key is available.
- Send all emails without signature.
Emails from local senders may already contain signatures. These keys pose a security risk because a reply to such an email can be encrypted. This encrypted content cannot be analysed for spam and malware if NoSpamProxy Protection is used at the same time, because the key required for decryption is not on the server and only known to the sender. You can have existing signatures removed from emails to minimize the risk described above.
Here you can set whether you want to encrypt emails or not. You can also specify how to handle already encrypted emails. If you do not want to send email unencrypted under any circumstance, you can configure an exception for meeting requests. If these are encrypted, they can no longer be processed by Outlook.
Since encrypted emails usually contain the sender's signature, this poses the same security risk as signatures already present in emails. You can prevent the delivery of encrypted emails for the same reasons as described in the section Existing signatures.
NOTE: NoSpamProxy Encryption has more extensive support for the S/MIME standard than most email programs. You can also use NoSpamProxy Encryption to encrypt emails without signing them. This means that the content can be encrypted using the recipient's certificate without having to have a certificate of your own. However, we recommend that you use a certificate to show the recipient the authenticity of the email.
If NoSpamProxy Encryption does not have an encryption key for a recipient, the public key servers already configured can be queried. If a key is found there, it will be used to encrypt the email.
NOTE: Here you can select which key server will be searched on all configured key servers. Please do not use this setting on the standard rule for messages to external