Limitations using Desktop Email Encryption and Outlook with multiple mailboxes
search cancel

Limitations using Desktop Email Encryption and Outlook with multiple mailboxes


Article ID: 226817


Updated On:


Desktop Email Encryption Gateway Email Encryption


Microsoft Outlook allows users to open more than one mailbox at a time and, if they have permissions, to send from the email address of these additional or shared mailboxes by changing the From field of the message:

However, if Desktop Email Encryption is running, all messages will be sent from the user's primary email address. The Encryption Desktop log will confirm this. It will contain an entry like this where [email protected] is the primary email address of the user:

17:03:17 Email  Info Processing outgoing message from First Last <[email protected]> with subject: Test

The recipient will receive the message from the email address specified in the From field. However, any signed or encrypted message will use the primary user's key.


Symantec Desktop Email Encryption release 10.5 and above.


Messages sent from the secondary email account cannot be signed by the secondary key. They will always be signed by the primary user's key.

Messages that are encrypted but not signed are encrypted to the recipient's public key so the recipient will be able to decrypt such messages.

By default, messages are also encrypted to the sender's key. This will be the primary user's key. If the secondary mailbox is shared by multiple users, this means that only the sender of a message will be able to decrypt it when reading messages in the Outlook Sent Items folder. To workaround this issue, outbound messages can be encrypted to the shared key by specifying it as a Master Key. All  outbound messages will then be encrypted to that key and any user with that private key will be able to read the messages in the Sent Items folder. To add a key as a Master Key:

  1. Open Encryption Desktop.
  2. Click on the Tools menu and select Options.
  3. Click on the Master Keys tab.
  4. Click the Add button and add the key of the secondary email address as a master key.
  5. Click OK.

Inbound messages encrypted to the secondary public key will be able to be decrypted, presuming that the user has the private key.

In terms of mail rules, no mail rule that contains a Condition that references the email address or email domain of the secondary email address will be matched. This is because so far as the mail rules are concerned, the message was sent from the primary email address. For example, if the secondary email address is [email protected] then this rule will never match:

Note that if Gateway Email Encryption is used rather than Desktop Email Encryption, these limitations will not apply. This is because Gateway Email Encryption processes the raw SMTP message. It will therefore detect the correct sender email address.

Please also see article 218813.

Additional Information