S/MIME and PGP verification and decryption

This action is valid for the following senders: External and Local.

For emails to corporate recipients, the digital signature can be automatically validated and the content decrypted. You can set the options for validation and decryption individually.

The following validation policies are possible for signatures:

  • S/MIME-signed emails You can select different levels of validation, each of which builds on the other.
  • PGP-signed emails You can only specify whether message integrity is checked.

You can also specify whether all emails to local addresses must be signed. In this case, you can also restrict the possible signature procedures.

The email signature validation policies

Here you define for S/MIME and PGP respectively whether attached keys are removed from the email. This is reasonable because otherwise users can use these keys to encrypt responses already on the client. These emails can then no longer be validated reliably by NoSpamProxy.

You can also configure whether attached keys are automatically imported into the NoSpamProxy certificate store. PGP keys are initially quarantined and must be explicitly released by the administrator.

The signature validation options

On the Decryption options tab, you can force the encryption of emails. If this option is selected, all unencrypted emails to local addresses will be rejected. In addition, you can restrict the technologies you can use.

It is possible that emails are received encrypted, but no private certificate is available for decryption in the certificate management. These emails can be rejected or delivered to the recipient of the email in encrypted form. Since such emails cannot be checked for spam or malware, they should be rejected.

NOTE: Even if you have selected Force encryption, an unencrypted email can only be rejected after it has been transmitted.

Enforcing encryption and defining the behaviour in case of decryption errors