SECURITY


Encrypting mail
Encrypt outgoing, incoming, and saved mail to protect messages while they are in transit and stored in mail databases on the server. Users can encrypt outgoing mail messages sent to recipients who use either IBM® Lotus® Notes® or S/MIME. If recipients prefer to receive mail in MIME format, then encrypted mail will be in S/MIME format. Users can encrypt incoming and saved mail only if they use Lotus Notes mail.

To encrypt outgoing mail

Encrypting outgoing mail ensures that only the recipient of a message can read it while the message is in transit, stored in intermediate mailboxes, or in the recipient's mail file.

Each Lotus Notes client user must encrypt outgoing mail. The administrator cannot encrypt all outgoing mail on a server.

Senders control the choice of MIME format or Lotus Notes format when sending mail directly to the Internet or for messages that are addressed to Internet addresses. Mail recipients control the format of incoming mail in their user preferences. The message format determines the choice of encryption method.

Lotus Notes uses S/MIME encryption for outgoing mail in the following situations:


The sender of an encrypted S/MIME mail message must find an Internet certificate for each intended recipient and a cross-certificate that verifies the Internet certificate. The Internet certificate can be stored in the IBM® Lotus® Domino™ Directory, an LDAP directory that is accessible to the sender, or in the sender's Contacts. The cross-certificate must be stored in the sender's Contacts. If a Lotus Notes recipient's Internet certificate is not available to the sender, Lotus Notes attempts to use the recipient's Lotus Notes public key (if available) to encrypt the message.

Some recipients may have dual Internet certificates, meaning one certificate is for encryption and the other is for signatures and SSL. If the recipient uses dual certificates, Lotus Notes extracts the Internet encryption certificate and uses it to encrypt the message.
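The dual-certificate case described above can be reproduced outside Lotus Notes with OpenSSL. This is an added example, not IBM code. The subject name, file names, and the rule of identifying the encryption certificate by its keyEncipherment key usage are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (not IBM code): dual Internet certificates and S/MIME
# encryption with OpenSSL. Subjects and file names are constructed.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_cert NAME KEYUSAGE: constructed self-signed certificate standing in
# for one of a recipient's two Internet certificates.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=recipient@example.test" \
        -addext "keyUsage=critical,$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# pick_encryption_cert CERT...: print the first certificate whose keyUsage
# permits key encipherment; return non-zero if none does (assumed rule).
pick_encryption_cert() {
    for c in "$@"; do
        if openssl x509 -in "$c" -noout -text | grep -q "Key Encipherment"; then
            printf '%s\n' "$c"
            return 0
        fi
    done
    return 1
}

# encrypt_for CERT INFILE OUTFILE: S/MIME-encrypt to one recipient certificate.
encrypt_for() {
    openssl smime -encrypt -binary -aes-256-cbc -in "$2" -out "$3" "$1"
}

# decrypt_with CERT KEY INFILE: print the plaintext, or fail if the
# certificate is not a recipient of the message.
decrypt_with() {
    openssl smime -decrypt -binary -in "$3" -recip "$1" -inkey "$2"
}

make_cert sign digitalSignature   # signature certificate
make_cert enc  keyEncipherment    # encryption certificate
printf 'quarterly figures attached\n' > "$WORK/msg.txt"

ENC_CERT=$(pick_encryption_cert "$WORK/sign.pem" "$WORK/enc.pem")
encrypt_for "$ENC_CERT" "$WORK/msg.txt" "$WORK/msg.p7m"
decrypt_with "$WORK/enc.pem" "$WORK/enc.key" "$WORK/msg.p7m"
```

The message decrypts only with the private key that belongs to the encryption certificate; the signature certificate's key is not a recipient of the message.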

The sender of an encrypted Lotus Notes mail message must have the public key for each intended recipient. The public key can be stored in the Lotus Domino Directory, in an LDAP directory that is accessible to the sender, or in the sender's Contacts.

For information on encrypting outgoing mail, see the topic "Encrypting and digitally signing email messages" if you have installed Lotus Notes 8 Help. Or go to www.lotus.com/ldd/doc to download or view Lotus Notes 8 Help.

To encrypt incoming mail for a mail file

If users have Editor access to their Person documents in the IBM® Lotus® Domino™ Directory, they can encrypt all incoming mail they receive. Otherwise, the administrator must complete this procedure for them.

1. Open the user's Person document in the Lotus Domino Directory.

2. Click Edit Person, and then click Basics.

3. In the field "When receiving unencrypted mail, encrypt before storing in your mail file," select Yes.

4. Save the document.

To encrypt saved mail

Users can encrypt drafts of unsent messages and messages that they save after sending. For unsent mail, the message is encrypted only with the sender's public key. For sent mail, the message is encrypted with the sender's and the recipient's public keys.

Only messages saved after this option is chosen are encrypted. To encrypt previously saved messages, users must open and resave the messages. Encrypting saved mail prevents other users who gain unauthorized access to the mail server from reading the messages.

For more information on encrypting saved mail, see the topic "Encrypting and digitally signing email messages" if you have installed Lotus Notes 8 Help. Or go to www.lotus.com/ldd/doc to download or view Lotus Notes 8 Help.
