FAQs IKARUS mail.security S/MIME-Feature

Email encryption is part of IKARUS S/MIME and is included in the price of IKARUS S/MIME licences. IKARUS S/MIME is available to all IKARUS mail.security users.

Encryption can be applied to all mailboxes managed by IKARUS mail.security that have an active IKARUS S/MIME certificate. Please note that if encryption is enforced for outgoing emails, mailboxes without a valid IKARUS S/MIME certificate affected by this rule will not be able to send!

The optional decryption is also applied to mailboxes without an IKARUS S/MIME certificate.

Managed: A mailbox managed by IKARUS mail.security in this organisation.

External: A mailbox outside this organisation to which mail is sent or from which mail is received.

If emails cannot be sent or received due to forced encryption or decryption, the sender receives an error message in the form of a non-delivery report (NDR) when receiving (= external mailbox) or sending (= managed mailbox).

An active certificate and the recipient’s public key are required to encrypt emails. The keys are automatically exchanged via an unencrypted but signed email as part of the S/MIME certificate and stored by IKARUS mail.security.

An existing certificate for the recipient mailbox is a prerequisite for all inbound rule variants. The optional decryption is also applied to mailboxes without an IKARUS S/MIME certificate.

Yes, S/MIME certificates not obtained through IKARUS can also be managed in IKARUS mail.security. These can be uploaded in the IKARUS portal under the S/MIME menu item. They have the same functionality as IKARUS S/MIME certificates and will be credited to your IKARUS licence quota.

Inbound:

• Not defined: No change to the rules with lower priority, if necessary, the default settings are applied.
• Do not decrypt: Encrypted emails are accepted and delivered in encrypted form.
• Optional decryption (DEFAULT): Encrypted emails are decrypted if possible. Emails that cannot be decrypted are delivered in encrypted form.
• Always decrypt encrypted emails: Unencrypted emails are accepted. If an encrypted e-mail cannot be decrypted, the sender receives an error report.
• Force decryption: Only encrypted emails are accepted. Unencrypted emails are rejected, and the sender receives an error report.

Outbound:

• Not defined: No change to the rules with lower priority, if necessary the default settings are applied.
• Neither sign nor encrypt: Emails are sent unsigned and unencrypted.
• Sign only: E-mails are signed and sent unencrypted (DEFAULT).
• Optional encryption: Emails are signed and, if possible, encrypted.
• Enforce encryption: Emails are only sent signed and encrypted. If this is not possible, the sender receives an error report.

Rules for encryption require the following entries:

• Managed mailbox/domain: max. 20 entries, comma-separated, “ANY” for all mailboxes
  e.g.: max.mustermann@company.at,m.mustermann@company.at,company.at
• External mailbox/domain: max. 20 entries, comma-separated, “ANY” for all mailboxes
  e.g.: erika.musterfrau@partner.at,billing@partner.at,example.at
• Inbound rule (selection field, see Inbound)
• Outbound rule (selection field, see Outbound)

Rules are prioritised, with 1 being the highest priority. New rules are created with the highest priority.

All users of the IKARUS portal with write authorisation can create or change rules.

It can take up to 10 minutes after creating/modifying a rule for it to take effect when sending/receiving.

Which emails have been encrypted, decrypted or signed can be viewed in the email overview under the IKARUS mail.security menu item. You can also filter by status.

S/MIME uses asymmetric encryption. The recipient’s public key is used to encrypt content, which can only be decrypted again using the private key.

The public keys required for encryption can be exchanged via an unencrypted, signed e-mail. IKARUS mail.security extracts and saves the key automatically.