Best Practices for PGP Desktop Email Encryption

Article ID: 161015

Updated On: 06-24-2025

Products

Desktop Email Encryption, Drive Encryption, Encryption Management Server, Endpoint Encryption, File Share Encryption, Gateway Email Encryption, PGP Command Line, PGP Encryption Suite, PGP Key Management Server, PGP Key Mgmt Client Access and CLI API, PGP SDK

Issue/Introduction

This article provides some best practices for email encryption when using PGP Desktop Email Encryption.

Resolution

How to verify signatures in PGP Encryption Desktop for Windows and PGP Encryption Desktop for Mac OS X

When using the default configuration options, three things happen when a user receives a signed email message. First, PGP Encryption Desktop will create a pop-up notification indicating that the message was successfully verified. Second, a log message is recorded noting the details of the signature. Third, annotations are added inside the message body indicating that the message signature was verified.

If there is a problem with the signature, the pop-up notification will indicate that a problem exists and direct the user to view the log for more details. Users can always trust the pop-up notification and the log to accurately determine an email message signature’s validity.

Annotations appearing inside the email body are for convenience only. Users must not rely on these annotations when determining whether to trust the message’s integrity. This is because a forged email message may contain annotations that look similar to the ones that PGP Encryption Desktop adds.
 

How to securely use Microsoft Outlook (MAPI) email encryption

Be aware that when using PGP Encryption Desktop to provide end-to-end email security for Microsoft Outlook configured with Microsoft Exchange Server, PGP Encryption Desktop will only encrypt email messages. PGP Encryption Desktop will neither encrypt nor sign meeting invitations, contacts, tasks, and other items created in Microsoft Outlook.

Sensitive documents can be protected by emailing them separately from a meeting invitation, by using PGP NetShare, or by encrypting the file using the right-click options that PGP Encryption Desktop adds to Windows Explorer.

This limitation does not apply to Microsoft Outlook when Outlook uses the IMAP, POP, or SMTP protocols.
 

How to securely use PGP Encryption Desktop Email Encryption

When using Microsoft Outlook configured with Microsoft Exchange Server (MAPI) in conjunction with PGP Encryption Desktop Email Encryption, PGP Encryption Desktop may temporarily write some decrypted email content to the user’s hard drive while Outlook is displaying that content to the end user.

When using the IMAP or POP protocols in conjunction with PGP Encryption Desktop Email Encryption, email remains encrypted on the user’s email server. PGP Encryption Desktop decrypts messages on the user’s computer as the user’s email client downloads them. The user’s email client then stores and displays the unencrypted content.

For the above reasons, Symantec recommends combining Email Encryption with PGP Whole Disk Encryption to provide complete protection for email messages.