User-based Email Encryption allows you to encrypt or digitally sign outgoing messages. In order to use the User-based Email Encryption service, you need to activate the User-based Email Encryption service and then install Secure Mail software on the machine you want to send encrypted messages from.
Note: if you also sign up for archiving services, email that has been encrypted for the User-based Email Encryption service will be sent to the archiver in the encrypted format. This is the default setting that cannot be changed.
This Getting Started guide contains the following instructions:
- Verify that the system meets all requirements:
- Operating system: Microsoft Windows 2000 or later version
- The user logged in to the local computer must have administrative privileges
- Email clients: Microsoft Outlook 2000 SR1 or later version OR Windows Mail OR Microsoft Outlook Express 6.0 or later version
- Web Browser: Microsoft Internet Explorer 6.0 or later
- Secure Mail is not available for MAC/Entourage users
- Configure mail client for the user's Exchange mailbox.
- Activate the User-based Email Encryption service for the user: in CONTROL PANEL go to Services > Mailboxes > check the box in the User-based Email Encryption column for the user > click Proceed. If you do not see the column, go to Services > Compliance > Encrypted Email > under User-based Email Encryption click Install.
Important: you will not be able to change user's primary email address after User-based Email Encryption is activated. To change the primary email address, you will first need to deactivate User-based Email Encryption.
Note: User-based Email Encryption can not be used with POP/IMAP mailboxes. It can only be used with Exchange ones.
- After the user is activated, a "Getting Started" email is sent to the user. It contains the activation code and a link to download the software.
The "Getting Started" email contains a download link for Encrypted Message plugin. If user lost the message, please use the Plugin Download link.
Note: even though MacOS client version is available for download, the functionality is very limited and is not supported in Smarsh Hosted Services environment.
- To download the plugin, click the Plugin Download link located in your Getting Started email or use the above link.
- Depending on your operating system, you may be prompted with one or more security warnings. Click Accept/Allow/Run on all security warnings.
- In the Choose Setup Language window, use the drop-down menu to select the appropriate installation language and then click OK.
- At this point, close your email application and any open messages. If you have an email application open, the Files in Use window appears. Close the applications listed in the window and then click Retry. The Welcome to the Encrypted Message Installer window appears. Click Next.
- Read the License Agreement. Select I accept the terms in the license agreement to accept the terms. Click Next.
- Select Setup type – Typical or Custom. Typical is recommended for standard installation. Custom installation allows you to select the installation path and choose whether Encrypted Message will be installed for all users on the computer or only for you. Default installation path is C:\Program Files (x86)\Encryption Services\.
Click Next. If necessary, choose a different Destination Folder by clicking Change and selecting a folder.
- Read the message and then click Install to begin the installation. The Setup Status window appears and shows the progress of the installation. Follow screen messages to complete the installation.
- When the installation is complete, the successful installation window appears. The Activate my software now checkbox is selected by default.
- To complete the installation, click Finish.
- Open the Activation Wizard.
- If the Activate my software now checkbox was selected after installing Encrypted Message, the Activation Wizard will open automatically.
- If you did not select the Activate my software now checkbox, you can continue the setup by clicking Start and then selecting All Programs > Encrypted Message > Encrypted Message Tools & Settings.
- Enter your email address exactly as it appears in your Getting Started email. If you do not have the "Getting Started" email, make sure you enter your primary email address.
Read the Knowledge Base article on What is my username and primary email address for my Exchange mailbox? for more information.
- Click Next.
- Read the License Agreement. Select Accept and click Next.
- Enter your Activation Code exactly as it appears in your Getting Started email.
Note: if you are prompted for your Secure ID password at this step instead of your activation code, it means you have previously activated your software. Enter the Secure ID password, click Next and proceed with the step 9.
- Click Next.
- Enter the Secure ID password and then re-enter the password to confirm. Click Next. This password is prompted for sending encrypted email.
- If you have not previously activated the software, you will be prompted to create a series of password recovery questions. Select a question and then enter the answer. Select questions that you will be able to answer easily, but that are hard for others to guess. Make sure to remember the answers you gave as you will need them in case you forget password and need to reset it. Click Next.
- Review the information you have entered. To continue, click Finish. To edit any information before continuing, click Back. You may receive a prompt to install the certificate. Confirm instalation of the certificate.
- Once the activation process is complete, you will receive a confirmation screen. Click Finish.
Once you've successfully installed and activated Encrypted Message, you can validate the installation by checking the following:
- Click the Start button and then select All Programs. A Encrypted Message folder appears in the list of programs.
- In Outlook a Encrypted Message tab appears on the top ribbon. It will be also available from the Home tab in the New Items menu.
- In Outlook, compose a new Mail Message. An option to Secure this message will appear on the Standard toolbar.
Note: Secure Mail plugin works only if Outlook client is running in the cached mode.
To send an encrypted message:
- In Outlook, compose a message.
- Click Secure.
- Click Send.
- If all of your recipients are User-based Email Encryption subscribers, the password prompt will appear. Continue to step 4.
- If one or more of your recipients are non-User-based Email Encryption subscribers, you will be prompted to create a security question and answer. The security question is used to ensure the identity of the recipient and protect the message from being intercepted by someone other than the intended recipient. Before the recipient can read the message, they will be prompted to answer your security question. If the question cannot be answered correctly, the recipient will not be able to open the message.
- Enter your Secure ID password.
User-based Email Encryption subscribers receive secure messages directly to their email inbox and simply enter their Secure ID password to open the message. Non-User-based Email Encryption subscribers receive a notification message which directs them to the Message Pickup Center to retrieve their secure message. They are prompted to answer a security question set by the message sender in order to decrypt and open the message. A Message Pickup Center account is not required. Non-User-based Email Encryption subscribers would need to answer security question.
Note: a security question will need to be set up for every email sent, even if it is a reply to an existing email thread. The security question can be set to a previously used one, however we do not recommend doing that for security purposes.
Security questions/answers are not transmitted to the recipient in plain text. If the recipient does not know the answer, he needs to contact sender to verify it.
Tip: For an optimal user experience, we recommend that you do not use Microsoft Word as your default editor when composing a secure email message.
Note: the Encrypted Message plugin uses the BCC email address (emx-XXX@securemail.XXX.net) to process (encrypt) the message before sending it to the recipient.