Taking Advantage of Outlook 2007’s Support for Secure Messages

Posted on January 8, 2009 by Brien Posey in Exchange Server with 0 Comments

Every morning when I open my mailbox, I’ve got hundreds of messages that have come in overnight. A lot of these messages are spam, but some are from friends, family, or business associates. Obviously, I don’t want to open a bunch of spam, especially since some E-mail messages can be malicious. Instead, I have to look at each message and consciously make a decision on whether I want to open it or delete it. This decision all boils down to trust.

For me, trust involves a few different things. I ask myself questions like:

  • Do I recognize the sender’s name?
  • Does the subject line look like something that I would expect to receive from the person?
  • Is the sender’s name displayed in the same way as it usually is when I receive a message from them?

Although applying this type of scrutiny will help to eliminate a lot of junk, the method isn’t perfect. Sometimes messages that I would rather not open do slip through the cracks, and sometimes I have deleted legitimate messages that looked suspicious. Fortunately though, Outlook provides you with a way of making the messages that you send out more credible to the recipients. You have the option of encrypting a message, or of digitally signing it to prove that the message was from you, and that it hasn’t been tampered with.

Securing an Individual Message

Sometimes you may end up in a situation in which it is undesirable to secure every outbound message. A while back, I ran into a situation where someone was spoofing my E-mail address, and sending some nasty messages to my editors. I immediately invested in a digital certificate and committed to sending only secure messages. I don’t want to specifically name the certificate provider that I used, but I will tell you that it is one of the well known providers. To make a long story short, I had to stop sending secure mail, because for whatever reason, some of my editors were unable to view secure messages.

Even though you may not be able to secure all of your organization’s outbound mail, Outlook does give you the option of securing individual messages. In my opinion though, Microsoft kind of dropped the ball on this feature, because unless you know that the feature exists, you would probably never find it. I think that it would probably be impossible for the average user to secure an individual message unless they were given some really specific instructions, because the feature is so well hidden.

To secure an individual message, click the New button to begin composing a new message. Next, select the Options tab from the new message window. Like the other tabs, the Options tab contains a toolbar that is divided into sections. The options for securing a message are included in the More Options section. So what’s the catch? The message security options are not listed by default. There is a tiny arrow icon at the bottom right of the More Options section. If you click this arrow, then Windows opens a Message Options window. From this point, you can just click the Security Settings button to reveal the Security properties dialog box, shown in Figure A.

Figure A The Security Properties dialog box provides options for securing a message.

Now, just click the Change Settings button and use the resulting dialog box to provide Outlook with your certificate. From there, you can use the Encrypt Message Contents and Attachments check box, or the Add Digital Signature to this Message check box, shown in Figure A, to secure the message.

Securing an Entire Mailbox

Problems with secure messages, like the ones that I described earlier are rare. This is especially true if all of the recipients are running Outlook and trust the cryptographic provider that you got your certificate from. That being the case, then more often than not you are probably going to want to secure the entire mailbox rather than depending on users to secure individual messages. I would however recommend starting out small. Try securing a few user’s mailboxes and see how it works out for a week or two before you secure everyone’s mailboxes.

With that said, securing a mailbox is relatively easy. To do so, open Outlook and select the Trust Center option from the Tools menu.  When the Trust Center opens, choose the E-mail Security option, to reveal the options shown in Figure B.

Figure B You can use Outlook’s Trust Center to secure a mailbox.

You will now have to click on the Import / Export button to associate a certificate with the mailbox. Once you have imported the certificate file, then you can use the various check boxes at the top of Figure B to choose the security options that you want to enable for the mailbox. Click OK when you’re done and the mailbox will be secured.

Conclusion

In this article, I have explained that Outlook 2007 allows you to either secure an entire mailbox, or to just secure individual mailboxes. I then went on to demonstrate both methods.

Got a question? Post it on our Outlook XP/2003/2007 forums!

Sponsored