FAQs IKARUS mail.security S/MIME-Feature

IKARUS mail.security

FAQs S/MIME – In general

  • Is the S/MIME feature also available for stand-alone purchase (without IKARUS mail.security)?

    S/MIME it serves as an add-on to IKARUS mail.security and can therefore not be purchased separately.

  • What are the requirements for using S/MIME?

    S/MIME certificates can only be requested for domains whose MX record points to mx.mymailwall.com and which are set up in an inbound route.

  • Can internal e-mails also be provided with a certificate?

    Only e-mails sent via IKARUS mail.security/mymailwall are provided with an S/MIME certificate.

  • How can I provide mailboxes with a certificate?

    Under the menu item mail.security > S/MIME you will find a list of your mailboxes. Here you can activate one, several or all mailboxes. When you send an email via IKARUS mail.security/mymailwall, it is automatically signed and encrypted according to the rules you define.

  • Why don’t I see my mailbox in the S/MIME overview?

    Mailboxes must be entered in an incoming route as a known mailbox. Mailboxes entered in a wildcard route are not displayed.

  • Is the licence cross-domain or do I have to be purchase a llcence per domain?

    Analogous to IKARUS mail.security, the licence is purchased across domains and can therefore be used for any number of domains.

  • My licence number is displayed incorrectly on the IKARUS Portal. How can I change this?

    Please contact your responsible IKARUS Sales representative.

  • Where can I download the S/MIME certificate?

    Downloading S/MIME certificates is not technically provided for security reasons.

  • Can I also use an existing (third-party) certificate for certain mailboxes?

    You can upload as many existing (third-party) certificates as you wish within the scope of your existing licence, which will then be managed and used like IKARUS S/MIME certificates. Please note that these also count as licences and thus reduce your available quota.

  • What does the status "Revoke pending" ("in Deaktivierung" in Geman) mean?

    These are mailboxes that have been deactivated. This status remains up to 14 days until the status changes to “Inactive” (“Inaktiv” in German) and the licence becomes free again.

  • Does the S/MIME licence have to correspond to the IKARUS mail.security licence?

    No. The S/MIME licence can be less than or equal to the IKARUS mail.security licence.

  • How long is an S/MIME certificate valid?

    IKARUS S/MIME licences automatically receive the same validity period as your existing IKARUS mail.security licence. Technically, these are 1-year certificates, but they are automatically renewed at no extra cost (within the scope of the existing licence).

  • Is the S/MIME certificate recognised?

    The certificates are issued by Certum, a recognised certification authority.

FAQs S/MIME – Encryption

  • When and with what licence can email encryption be used? Is there an additional cost?

    Email encryption is part of IKARUS S/MIME and is included in the price of IKARUS S/MIME licences. IKARUS S/MIME is available to all IKARUS mail.security users.

  • Which mailboxes can I encrypt?

    Encryption can be applied to all mailboxes managed by IKARUS mail.security that have an active IKARUS S/MIME certificate. Please note that if encryption is enforced for outgoing emails, mailboxes without a valid IKARUS S/MIME certificate affected by this rule will not be able to send!

    The optional decryption is also applied to mailboxes without an IKARUS S/MIME certificate.

  • What is a managed mailbox or an external mailbox?

    Managed: A mailbox managed by IKARUS mail.security in this organisation.

    External: A mailbox outside this organisation to which mail is sent or from which mail is received.

  • What happens if an "enforced" rule is active and fails?

    If emails cannot be sent or received due to forced encryption or decryption, the sender receives an error message in the form of a non-delivery report (NDR) when receiving (= external mailbox) or sending (= managed mailbox).

  • What are the requirements for encrypting emails?

    An active certificate and the recipient’s public key are required to encrypt emails. The keys are automatically exchanged via an unencrypted but signed email as part of the S/MIME certificate and stored by IKARUS mail.security.

  • What are the requirements for decryption?

    An existing certificate for the recipient mailbox is a prerequisite for all inbound rule variants. The optional decryption is also applied to mailboxes without an IKARUS S/MIME certificate.

  • Can I use existing certificates?

    Yes, S/MIME certificates not obtained through IKARUS can also be managed in IKARUS mail.security. These can be uploaded in the IKARUS portal under the S/MIME menu item. They have the same functionality as IKARUS S/MIME certificates and will be credited to your IKARUS licence quota.

  • What encryption options are available?


    • Not defined: No change to the rules with lower priority, if necessary, the default settings are applied.
    • Do not decrypt: Encrypted emails are accepted and delivered in encrypted form.
    • Optional decryption (DEFAULT): Encrypted emails are decrypted if possible. Emails that cannot be decrypted are delivered in encrypted form.
    • Always decrypt encrypted emails: Unencrypted emails are accepted. If an encrypted e-mail cannot be decrypted, the sender receives an error report.
    • Force decryption: Only encrypted emails are accepted. Unencrypted emails are rejected, and the sender receives an error report.


    • Not defined: No change to the rules with lower priority, if necessary the default settings are applied.
    • Neither sign nor encrypt: Emails are sent unsigned and unencrypted.
    • Sign only (DEFAULT): Emails are signed and sent unencrypted.
    • Optional encryption: Emails are signed and, if possible, encrypted.
    • Enforce encryption: Emails are only sent signed and encrypted. If this is not possible, the sender receives an error report.
  • How can I create rules for encryption?

    Rules for encryption require the following entries:

    Rules are prioritised, with 1 being the highest priority. New rules are created with the highest priority.

  • Who can create/change rules?

    All users of the IKARUS portal with write authorisation can create or change rules.

  • How long does it take for a rule to become active after it has been created?

    It can take up to 10 minutes after creating/modifying a rule for it to take effect when sending/receiving.

  • Where can I see whether an e-mail has been encrypted or decrypted?

    Which emails have been encrypted, decrypted or signed can be viewed in the email overview under the IKARUS mail.security menu item. You can also filter by status.

  • Which encryption is used?

    S/MIME uses asymmetric encryption. The recipient’s public key is used to encrypt content, which can only be decrypted again using the private key.

  • How can the exchange of the public key take place?

    The public keys required for encryption can be exchanged via an unencrypted, signed e-mail. IKARUS mail.security extracts and saves the key automatically.


IKARUS Security Software GmbH Blechturmgasse 11
1050 Vienna

Phone: +43 1 58995-0
Sales Hotline:
+43 1 58995-500


Support hotline:
+43 1 58995-400

Support hours:
Mon – Thu: 8am – 5pm
Fri: 8am – 3pm
24/7 support by arrangement

Remote maintenance software:
AnyDesk Download