There are many areas of Outlook that are potential problems for administrators. Once such area is the sending and receiving of digitally signed messages.

Digitally signing email messages is a form of protection that can be used to prevent identity fraud and the abuse of email messages sent to and from Outlook. Outlook allows email messages to be sent with cryptographic features such as S/MIME digital signatures and encryption.

Such messages can utilize “public key/private key” encryption technology to make private their email messages so that only recipients who possess a public key are able to view the encrypted email message. There is a complicated mathematical relationship between the two keys such that any message encrypted with the public key can only be decrypted using the specific private key. The reverse relationship is also true: any message encrypted with the private key can only be decrypted using the corresponding public key. It is this reverse relationship which supports digital signatures.

Oftentimes you will run across the situation where an end user complains to you that they cannot open a digitally signed message. When they attempt to do so they receive the following warning message: “Signature not trusted.” This is usually an indication that their email system has not implemented email security yet.

If it is a problem with the certificate then an error message will appear that has a red colored X indicating what part of the certificate is having a problem. Your potential solutions can include editing the trust level for the sender’s certificate. Another possible cause of the problem is an outdated or expired certificate.

You can change the trust level of the sender. You should see a Certificate dialog box that will allow you to edit the trust level by clicking on it. You should click on “Explicitly trust this certificate”.

If the problem is with an outdated or expired certificate then, within the same Certificate dialog box, you should click on View Certificate and then click on the Details tab. You will see fields for the “Valid From” and “Valid To” dates. Check to make sure that the certificate has not expired. If it has expired then you can notify the sender of the email using the expired certificate of the expiration status. That sender will most likely have to contact their administrator to create a new certificate.

This process of creating a new certificate will involve an administrator having to contact a trusted third party who is currently storing all of the public keys for the sender’s company. This third party is called a “Certificate Authority” or CA for short. Such a Certificate Authority would be Verisign. Normally a new public/private key pair will have to be generated and the public key sent to Verisign for the authentication process.

What I’ve just described is the problem and solution for when a recipient cannot open a digitally signed message. Sometimes the problem is just the opposite. Your end user has called you to complain that they themselves cannot send an encrypted email message.

When this situation occurs, you, as the administrator, must verify that the email recipient’s digital ID is stored with the address in the contact list or address book. Check for multiple entries. It is possible that your end user had selected and email address for the recipient that did not have the copy of the recipient’s digital ID. They must use the email address for the recipient that includes a copy of the digital ID before they can successfully send the encrypted email message.

If the changes mentioned above do not correct the security problem then you might have to change the security settings for zone.

You can change the zone settings by:

• Clicking on Options from the Tools menu.
• Then click the Security tab.
• Click on the Zone settings
• Click on the OK button or just hit enter when you get the warning box.
• Select Internet for the “Select a web content zone to specify its security settings”. If you want to see content without getting warnings then move the slider bar for the “Security level for this zone” until you select Low. If you want to see the warnings then move the slider bar until you select Medium.

Troubleshooting Security Problems in Outlook

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators

Running an email server requires attention to security procedures and policies. How do you prevent unauthorized access? How do you protect your users? How do you ensure the safety of your system?

There are security measures you can take to protect your users and your system from unauthorized use and potentially harmful miscommunications.

One of the first areas to address is application-level security. Data which enters the system can be protected at the application layer before it is passed down the protocol stack. This means that the email text is protected (encrypted) before the email packets are delivered to the intended recipient. This also means that the rest of the email packet – Data link header, Internet header, Transport header and Application Header – is unprotected. Only the email text is protected.

Another security measure to implement is that of Non-repudiation. Non-repudiation means that the author of a message cannot deny being the sender of that message. A message can only be denied if there is a reasonable and credible explanation about why the reputed sender of the message is not truly the author. Non-repudiation is an important aspect of an email system for the purposes of trusted communications.

I’ve discussed the needs for public key pairs (a public and a private key) to enable trusted communications between senders and receivers. You can review the methods of public key pair distribution in a previous post. Remember that distribution of public key pairs is necessary to facilitate trusted communications. Incorrect or corrupted public key pairs can lead to miscommunications or worse, fraudulent communications.

Lastly, email can be sent to either individual recipients or to a group of recipients such as on a mailing list. Care must be taken when using mailing lists because it is harder to encrypt those messages than when sending messages to individuals. Encryption protection can be customized in order that each recipient can retrieve the message in its original unencrypted format.

Email Security Measures

Free ebook download: Top 10 Most Popular Troubleshooting Posts for Email Administrators