This article will describe the headers that PGP encryption uses for the different encoding methods: PGP MIME, PGP Partitioned and EML.
For information on how to configure mail policies for the Symantec Encryption Management Server, see the following article:
180151 - HOW TO: Create Policy Chains to Set Mail Policy in PGP Server (Symantec Encryption Management Server)
SPAM filter and mail server flags to detect the presence of PGP encrypted emails sent by Symantec Encryption Management Server (Formerly PGP Universal Server) and Symantec Encryption Desktop (Formerly PGP Desktop):
From the "Content-Type" header of the encrypted email message:
MIME encrypted email:
PGP encrypted messages:
Important Note: In some situations, an email with attachments may show a content type of "multipart/mixed", and this denotes one or more attachments are embedded on an email. One of these such attachments could be encrypted, however, if you are looking only at the above header content type values, you may miss the message. As a result, please ensure you can parse these "multipart/mixed" messages, because other attachment types may be included, such as "Content-Type: Application/pkcs7-mime".
The list above is not an exhaustive list, but provides most of the scenarios for encryption or signing.
From the body of the encrypted email message:
-----BEGIN PGP MESSAGE-----
Version: Encryption Desktop 10.5.0 (Build 1180)
-----END PGP MESSAGE-----
Also, if Symantec Encryption Management Server has been deployed into the mailstream (Gateway mode), when it processes messages, it will add headers to the email:
X-PGP-Universal: processed - This doesn't mean the message was necessarily an encrypted message, but that it processed the message. You will need to test this in your scenarios to see when to review this header into your header-evaluation logic.
X-PGP-Universal-Decrypted: TRUE - This header means the message was decrypted. As such, for message integrity, do not attempt to modify these files, as doing so will break the signature verification process.
The following are some examples of how the headers may appear on emails in their particular encoding:
PGP MIME Encoding example:
PGP Partitioned example:
Content-Type: application/octet-stream; name="PGPexch.htm.pgp"
PGP EML Encoding example:
Content-Type: application/octet-stream; name=Message.pgp
Content-Disposition: attachment; filename=Message.pgp
X-Content-PGP-Universal-Saved-Content-Type: message/rfc822; name=Message.eml
Note: For more information on encoding methods, see article 203838.