Best Practices for Email Encryption

Article ID: 161015

Products

Desktop Email Encryption, Drive Encryption, Encryption Management Server, Endpoint Encryption, File Share Encryption, Gateway Email Encryption, PGP Command Line, PGP Encryption Suite, PGP Key Management Server, PGP Key Mgmt Client Access and CLI API, PGP SDK

Issue/Introduction

This article provides some best practices for email encryption when using Symantec Desktop Email Encryption.

Resolution

How to verify signatures in Symantec Encryption Desktop for Windows and Symantec Encryption Desktop for Mac OS X

When using the default configuration options, three things happen when a user receives a signed email message. First, Encryption Desktop will create a pop-up notification indicating that the message was successfully verified. Second, a log message is recorded noting the details of the signature. Third, annotations are added inside the message body indicating that the message signature was verified.

If there is a problem with the signature, the pop-up notification will indicate that a problem exists and direct the user to view the log for more details. Users can always trust the pop-up notification and the log to accurately determine an email message signature’s validity.

Annotations appearing inside the email body are for convenience only. Users must not rely on these annotations when determining whether to trust the message’s integrity. This is because a forged email message may contain annotations that look similar to the ones that Encryption Desktop adds.
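
The following is an added example, not Symantec code: a triage check that scans a message as it is stored on the mail server, before any client has processed it, and flags annotation-like lines, since at that point any such text was supplied by the sender. The annotation pattern is a constructed placeholder (the article does not quote the real wording), and the function names and sample messages are hypothetical.

```python
import re
from email import message_from_string

# ASSUMPTION: constructed placeholder. The article does not quote the annotation
# wording; substitute the text your Encryption Desktop version actually inserts.
PLACEHOLDER_PATTERNS = [
    re.compile(r"^\s*\*{3} EXAMPLE ANNOTATION: signature (verified|valid)", re.I),
]

def text_parts(msg):
    """Yield (content_type, decoded_text) for every text/* part."""
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            yield part.get_content_type(), data.decode("utf-8", errors="replace")

def has_openpgp(msg):
    """True if the message carries PGP/MIME parts or ASCII-armored OpenPGP data."""
    mime = {"multipart/signed", "multipart/encrypted", "application/pgp-signature"}
    if any(p.get_content_type() in mime for p in msg.walk()):
        return True
    return any("-----BEGIN PGP " in text for _, text in text_parts(msg))

def triage(raw):
    """Flag annotation-like lines already present in a message as received."""
    msg = message_from_string(raw)
    hits = [(ctype, line.strip())
            for ctype, text in text_parts(msg)
            for line in text.splitlines()
            if not line.lstrip().startswith(">")          # skip quoted replies
            and any(p.search(line) for p in PLACEHOLDER_PATTERNS)]
    return {"openpgp": has_openpgp(msg), "annotation_hits": hits, "suspect": bool(hits)}

# Constructed sample messages (not real mail, not real signatures).
HDR = "From: sender@example.test\nSubject: Invoice\n\n"
FORGED = HDR + "*** EXAMPLE ANNOTATION: signature verified ***\nPlease pay today.\n"
QUOTED = HDR + "> *** EXAMPLE ANNOTATION: signature verified ***\nThanks, got it.\n"
SIGNED = HDR + ("-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nHello.\n"
                "-----BEGIN PGP SIGNATURE-----\n\n(placeholder)\n"
                "-----END PGP SIGNATURE-----\n")

if __name__ == "__main__":
    for name, raw in (("FORGED", FORGED), ("QUOTED", QUOTED), ("SIGNED", SIGNED)):
        print(name, triage(raw))
```

A hit is a lead for review rather than a verdict: a message forwarded inline from another Encryption Desktop user can carry genuine annotations in its body.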
 

How to securely use Microsoft Outlook (MAPI) email encryption

Be aware that when using Encryption Desktop to provide end-to-end email security for Microsoft Outlook configured with Microsoft Exchange Server, Encryption Desktop will only encrypt email messages. Encryption Desktop will neither encrypt nor sign meeting invitations, contacts, tasks, and other items created in Microsoft Outlook.

Sensitive documents can be protected by emailing them separately from a meeting invitation, by using PGP NetShare, or by encrypting the file using the right-click options that Encryption Desktop adds to Windows Explorer.

This limitation does not apply to Microsoft Outlook when Outlook uses the IMAP, POP, or SMTP protocols.
 

How to securely use Encryption Desktop Email Encryption

When using Microsoft Outlook configured with Microsoft Exchange Server (MAPI) in conjunction with Encryption Desktop Email Encryption, Encryption Desktop may temporarily write some decrypted email content to the user’s hard drive while Outlook is displaying that content to the end user.

When using the IMAP or POP protocols in conjunction with Encryption Desktop Email Encryption, email remains encrypted on the user’s email server. Encryption Desktop decrypts messages on the user’s computer as the user’s email client downloads them. The user’s email client then stores and displays the unencrypted content.

For the above reasons, Symantec recommends combining Email Encryption with Symantec Full Disk Encryption to provide complete protection for email messages.