Header and body flags that indicate PGP encrypted email for SPAM filter and mail server configuration
search cancel

Header and body flags that indicate PGP encrypted email for SPAM filter and mail server configuration


Article ID: 150133


Updated On:


Endpoint Encryption Desktop Email Encryption Encryption Management Server Gateway Email Encryption


This article will describe the headers that PGP encryption uses for the different encoding methods: PGP MIME, PGP Partitioned and EML.


For information on how to configure mail policies for the Symantec Encryption Management Server, see the following article:

180151 - HOW TO: Create Policy Chains to Set Mail Policy in PGP Server (Symantec Encryption Management Server)



SPAM filter and mail server flags to detect the presence of PGP encrypted emails sent by Symantec Encryption Management Server (Formerly PGP Universal Server) and Symantec Encryption Desktop (Formerly PGP Desktop):

From the "Content-Type" header of the encrypted email message:

MIME encrypted email:

  • multipart/Encrypted
  • multipart/Signed
  • application/pkcs7-mime
  • application/pkcs7-signature
  • application/x-pkcs7-signature
  • application/x-pkcs7-mime

PGP encrypted messages:

  • X-PGP-Encoding-Format
  • X-PGP-Encoding-Version


Important Note: In some situations, an email with attachments may show a content type of "multipart/mixed", and this denotes one or more attachments are embedded on an email.  One of these such attachments could be encrypted, however, if you are looking only at the above header content type values, you may miss the message.  As a result, please ensure you can parse these "multipart/mixed" messages, because other attachment types may be included, such as "Content-Type: Application/pkcs7-mime".

The list above is not an exhaustive list, but provides most of the scenarios for encryption or signing.

From the body of the encrypted email message:

  • "Begin PGP Message" will be present in the body of PGP encrypted emails such as the following example:

    -----BEGIN PGP MESSAGE-----
    Version: Encryption Desktop 10.5.0 (Build 1180)
    Charset: utf-8

    -----END PGP MESSAGE-----

Also, if Symantec Encryption Management Server has been deployed into the mailstream (Gateway mode), when it processes messages, it will add headers to the email:

X-PGP-Universal: processed - This doesn't mean the message was necessarily an encrypted message, but that it processed the message.  You will need to test this in your scenarios to see when to review this header into your header-evaluation logic.

X-PGP-Universal-Decrypted: TRUE - This header means the message was decrypted.  As such, for message integrity, do not attempt to modify these files, as doing so will break the signature verification process.


The following are some examples of how the headers may appear on emails in their particular encoding:


PGP MIME Encoding example:
X-PGP-Universal: processed;
X-PGP-Encoding-Format: MIME
X-PGP-Encoding-Version: 2.0.2
Content-Type: multipart/encrypted;

PGP Partitioned example:
X-PGP-Encoding-Format: Partitioned
X-PGP-Encoding-Version: 2.0.2
X-Content-PGP-Universal-Saved-Content-Type: text/html
Content-Type: application/octet-stream; name="PGPexch.htm.pgp"
Content-Transfer-Encoding: base64


PGP EML Encoding example:
X-PGP-Encoding-Format: EML
X-PGP-Encoding-Version: 2.0.2
Content-Type: application/octet-stream; name=Message.pgp
Content-Disposition: attachment; filename=Message.pgp
X-Content-PGP-Universal-Saved-Content-Type: message/rfc822; name=Message.eml



Note: For more information on encoding methods, see article 203838.

Additional Information