E Appendix E. Encrypt delivered incoming mail Since Lotus Domino 5, Domino organizations have had the ability to enforce secure storage of delivered incoming mail either on a per-user 1 or per-server-configuration 2 basis. Considering that interest in broad-based organizational e-mail security continues to grow, and because new Notes C APIs have been released that can allow IBM Business Partners and ISVs broad-based access to ID file management (see Appendix A, "Notes C API security enhancements" on page 155), a short elaboration of this feature's functionality is useful. Before an unencrypted e-mail message is delivered to a mail (or mail-in) database, the Domino router checks whether the message should be encrypted to the user's public key. If it is to be encrypted, the type of encryption applied depends on the format of the message's body content. If the format is Notes rich text, conventional Notes encryption is performed. By contrast, if the format is MIME and an X.509 certificate for the recipient is available, trusted (cross-certified), and unexpired, S/MIME encryption is performed. However, if in the MIME format an appropriate X.509 certificate is unavailable (not present, untrusted, or expired), conventional Notes encryption is performed while still maintaining the MIME format of the message (that is, the message is not converted to Notes rich text). Go to the Domino Directory People view Basics tab Mail section When receiving unencrypted mail, encrypt before storing in your mailfile field. 2 Go to the Domino Directory Configuration\Servers\Configurations view Router/SMTP tab Restrictions and Controls tab Delivery Controls tab Delivery Controls section Encrypt all delivered mail field. 1 © Copyright IBM Corp. 2006. All rights reserved. 215