Security Vulnerability in Outlook 2007 email Encryption

I am using Outlook 2007 and Vista Ultimate. When someone with whom I have 
exchanged digital ID's with sends me an encrypted e-mail and I attempt a 
straight-forward "Reply To" there is an error message "Microsoft Outlook had 
problems encrypting this message ... recipients had missing or invalid 
certificates, or conflicting or unsupported encryption capabilities". The 
choices offered are to send unencrypted or to cancel. However, send 
unencrypted doesn't work.  So then if I save the "Reply To" as a draft, 
restart Outlook, and then send the draft, it appears (to me the sender) that 
the Reply To message was sent as an encrypted e-mail.  However the recipient 
receives an UNENCRYPTED email.  At least that's what I found, based on one 

1/28/2010 2:56:34 PM
outlook.general 7254 articles. 4 followers. Follow

1 Replies

Similar Articles

[PageSpeed] 48

ORTNPalms wrote:

> I am using Outlook 2007 and Vista Ultimate. When someone with whom I have 
> exchanged digital ID's with sends me an encrypted e-mail and I attempt a 
> straight-forward "Reply To" there is an error message "Microsoft Outlook had 
> problems encrypting this message ... recipients had missing or invalid 
> certificates, or conflicting or unsupported encryption capabilities". The 
> choices offered are to send unencrypted or to cancel. However, send 
> unencrypted doesn't work.  So then if I save the "Reply To" as a draft, 
> restart Outlook, and then send the draft, it appears (to me the sender) that 
> the Reply To message was sent as an encrypted e-mail.  However the recipient 
> receives an UNENCRYPTED email.  At least that's what I found, based on one 
> test.

How does the "Reply To message" that was sent appear as an encrypted
message?  Messages you send will never appear encrypted; otherwise, you
would not be able to read those e-mails that you composed.

When you receive an encrypted e-mail, just WHOSE certificate do you think
was involved in that encryption?  It was YOUR e-mail certificate, not the

If you want to *received* encrypted e-mails, you send someone a digitally
signed e-mail so they can save the public key for your e-mail cert.  Then
when they send you an e-mail, they can choose to use YOUR public key to
encrypt their e-mail.  When you receive that encrypted e-mail, you are the
only one that has the private key to do so.  Anyone can encrypt e-mails
using your public key but only you can decrypt it using your private key.

If you want to *send* encrypted e-mails, you first have to get a digitally
signed e-mail from the other party.  You have to save their public key (by
saving the contact info from that e-mail into your contacts).  When you want
to send them an encrypted e-mail, you use THEIR public key.  When they get
your encrypted e-mail, they use THEIR private key to decrypt it.

For someone to have sent you an encrypted e-mail means they had your public
key from your e-mail cert because you previously sent them a digitally
signed e-mail.  So obviously you can read it because you have your private
key for that same e-mail cert.  When you reply, you will need THEIR public
key to encrypt any e-mails you send back to them.  So have they yet sent you
an e-mail that was digitally signed so you could save their public key?
When you reply, is their e-mail address to where you are sending the same
one as what got saved in their contact record in your Outlook?  Certs are
specific to a particular e-mail address.  When replying, you have to use the
contact record you saved when you previously saved them when you got a
digitally signed e-mail from them.  Maybe you have more than one contact
record for that recipient and the one you use doesn't contain their public
key, or you didn't even use that saved contact record with their public key
when you replied to them.
1/28/2010 10:03:13 PM

Similar Artilces:

Outlook and Word #2
On eof my users has a laptop running winxp, outlook 2002, and office 97. It is the way the whole company is set up. The problem he is having is, when he replies to an email, the Word editor tries to open, which it can't since the versions do not match, errors out and then opens up outlook. His editor settings are html with no check boxes saying to use word as an editor. These are also set by policy so they are greyed out, not allowing him to change it. My question is, how do I get Outlook to quit trying to use Word first when replying to an email? Open a command prompt and type g...

User Clss Security
I am new to Microsoft Dynamics, and performing an evaulation using Rel.9. I am attempting to set up user class security to assign to usrs when I add them. When I set up a class for purchaing for example, selecting Windows and a series of Purchasing to allow access to the purchaing screens and save this. Then create a user and assign the class to the user I am creating, the end result when I print a security report for this user, the user has far more authorizations than the windows I granted to the Purchaning class. Authorizations include advanced security, Financials and many others. W...

using interop to create document word 2007
I am using c# and word interop to open a mailmerge document fill it in and then display it to the user. Once i display it the c# app has nothing more to do with the word document. The user can edit it as needed and then save it as a pdf and that is fine. The issue is I would like to set the default path for the document and it could be a network drive or sharepoint and will change every time also it will never be where the original document was opened. ...

custom entity and email creating
Hello, I have created a custom entity. When creating an email activity for this entity, the Email address field isn't automatically added, as is the case in account, contact etc. also, when clicking the magnifier icon this entity doesn't appear in the "look for" field. Is there a way to do one or both of these things? Help would be most appreciated. If you create an email activity from within the account or contact entity, fields will be automatically populated vs. creating the email activity outside the entity and manually populating fields. "Chen Hirsh" wrote...

Advanced Security Error
When I am in the Advanced Security form, I will select a user class (or user) and then select the "by menu" option on right of the form, I get the following error; The stored procedure WDC_Security_CloneClassEntity returned the following results: DBMS: 0, Microsoft Dynamics GP: 50403. I have search the knowledgebase and googled it and I can't find anything about how to fix this error. This error code means that it was trying to clone from an entity that did not exist in the Accelerator tables. I suggest that you Reset the Accelerator from the Advanced Security Options w...

Start with Shortcuts in Outlook 2003
How do I make Outlook 2003 to always start with Shortcuts? Try Tools Options Click other tab at top on options window click advanced options then click on browse button to choose shortcuts "ie mail folder". "Michael Frost" <> wrote in message > How do I make Outlook 2003 to always start with Shortcuts? It worked! Thanks. ...

Disable user to send email out in Exchange 5.5
I would like to configure a mailbox from Exchange 5.5 that only allow a particular mailbox to receive email message but could not send out, no matter send out to internet or internal user. Could anybody show me how to config it, please. Try just setting the limit for send to be like 1k on that mailbox. Each time they try to send it would say they are over the limit. -- Hope that helps, Dan Townsend This posting is provided "AS IS" with no warranties, and confers no rights. Please do not send email to this address, post a reply to this newsgroup. Use of included script samp...

Please Advise: Outlook 2007 crashes constantly
I just recently started using it on this system, and the program will not stay open for more than a few seconds, or at most a few minutes. I cannot find a conflict or an update that I don't already have. Any troubleshoots? Start with; -- Robert Sparnaaij [MVP-Outlook] Coauthor, Configuring Microsoft Outlook 2003 Outlook FAQ, HowTo, Downloads, Add-Ins and more Real World Questions, Real World Answers ----- "Questions" <>...

Outlook's HTML generator
Outlook seems to rewrite my HTML newsletter when emailing HTML. The changes are minor, yet have perplexed me. Let me first say that the Outlook options are as following: compose in this message format - "HTML"; uncheck "Use Word as Editor"; choose custom stationary. First, Outlook's HTML generator converts lower-case HTML to upper-case. Why? As many web developers know, we have begun using lower-case since xHTML strict is case sensitive. Second, Outlook's HTML generator parses my CSS styles in groups. For example, the p, td, ul { } becomes p { }, td { }, ul { }....

how to i connect my hotmail to my outlook?
i have recently installed outlook on my machine and would like to link my hotmail account to it but haven't got a clue how. please help? From what I read in Hotmail "Help" - Looks like they want you to subscribe to Premium service. "To protect our users from the increasing amount of unsolicited junk e-mail or spam sent from MSN HotmailSympatico Mail accounts through Outlook and Outlook Express, we have reluctantly had to restrict the new use of Outlook and Outlook Express to subscribers. By making this feature part of a subscription, (which requires a user to provide bil...

Problems with Exchange 2003 and Outlook 2003 SP2
Good evening! We are experiencing strange problems with the above mentioned combination. There are several users who use Outlook 2003 SP2. There is also one user who uses Outlook 2000 SR-1 and two users who use Outlook XP SP3. Okay, what is the problem? Good question. The users who have Outlook 2000 and Outlook XP do not have any problems receiving all their e-mails and seeing all of those incoming e-mails in their Inbox via Outlook 200x. However, those users that use Outlook 2003 SP2 do have a problem seeing all their e-mails. That is to say that not all of the e-mails that they h...

Sending an Email(not template) in Workflow to a Contact
Hi, I am trying to figure out which Contact is used when you send an email in workflow without using the template. I know that if I select the Logical User Account then it uses the Email address field on the Account screen, but I cannot see or find which Contact email address is used when the Logical User Contact is used. I thought it might be the Primary Conact in the Account but it does not work. I get a Fail message in the Workflow Logs. <description> Activity party object type is invalid </description><file>d:big long file name.inl</file><line>2903>&l...

Outlook2K7/Vista & Security Certificates??
I'm using Outlook 2007 and Vista Ultimate. My AOL IMAP mail worked fine until a about a week ago. Now I get this error message: "The server you are connected to is using a security certificate cannot be verified. Do want to continue using this server" I click "Yes" and it downloads the new email, but I have to do this each time I open Outlook 2007. Anyone have any clues how to fix this? Any feedback would be greatly appreciated. Thx can you download the certificate and add it to your trusted certs? -- Diane Poremsky [MVP - Outlook] Author, Teach Yourself Outl...

Email Creation via Workflow rule
I have a workflow rule that generates an email to several individuals each time a Lead is assigned. The email has the owner of the lead in the To: field. The problem I'm running into is From: field is is the same as the To: field which is the owner of the lead. Is there an easy way to make the From field fill in with the user how assigned the lead and not the user who the lead was assigned to. It would be great if you could create a new Logical User. That logic would give the application more flexibilty. But why would you notify via email the person who assigned the lead, dont...

Outlook 2000!
Outlook 2000 Sp3 Yes, I know it's old but I like it! Bit of a problem has arisen. When I print hard copies of emails, the type is very small. This was once not the case, so obviously I have changed some setting inadvertently. There is no 'small size' problem in Word or Excel or other apps. Have tried all printer settings. What have I missed? Cheers all! only time I've run into this, it actually was a setting in Word, because the person was using Word as their email editor... -- Susan Conkey [MVP] "MoiInAust" <> wrote in message new...

Outgoing Hotmail Email Doesn't Work Through Outlook
I have Outlook 2002. I set up my hotmail account with Outlook. I can read my hotmail email just fine; however, I cannot send email via my hotmail account. Email sends fine from an IMAP account that I setup with Outlook. When I attempt to send via hotmail, the message appears to leave the Outbox in the "deliver mail to" .pst folder; however, the outgoing mail is never received by the intended recipient. I have searched extensively on the web for a solution to this problem, but I am at a loss. Any ideas? ...

Now with Money 2005 it seems you are pretty much required to use an MSN Passport to take advantage of its features. This means all your financial information is somewhere on some Microsoft server. Not only some statements from a certain bank, but ALL of your info. Your checking and savings accounts, your investment and retirement accounts and all the necessary passwords to access these accounts at each particular bank. Together with individual notes you may have added to each transaction (and with the combined information of all of your accounts) anyone accessing your data gets a pr...

Converting Outlook Express to Full Version Outlook
Is this possible? Can't seem to find any information online that give instructions how to do this. At the very least, I would like to be able to access both express and the full version. Thanks for any assistance you can offer. Describe more accurately what you want to do, bearing in mind that Outlook is in no way related to Outlook Express. They are completely different programs. Outlook is not an upgrade to Outlook Express. -- Russ Valentine [MVP-Outlook] "LauReen" <> wrote in message news:058901c4a67e$f298b240$a301280a@phx.gbl... > Is...

Outlook send emails
I have two problems that I am unable to resolve myself and wonder if anyone can offer helpful advice. 1. I have two email users on my computer one can send and receive emails very easily the other can receive emails but for an unknown reason is unable to send. The details box is shown on screen but when we see the progress complete message the emails remain in the out box and I don't understand why can you help. 2 not really an out look problem but I seem unable to change the configuration of my keyboard from American to English - most issues can be got arount but we don't h...

Proper Security Settings on Exchange Install Folder?
I am trying to nail down the security of our Exchange 2003 servers before we start a mass migration off 5.5. One issue I am dealing with is securing the Exchange install directory, in my case c:\program files\exchsrvr I have a Microsoft Press Book "Secure Messaging with MS Exchange Server 2003" that talks about doing this on page 144, but the details aren't as clear as I would like them. For example, they say to remove the everyone inheritance. I don't have that. (thats not my question - but right away I'm seeing the book completely different from what I have) Th...

how to make outlook go to a different folder (then inbox) when opened or tabbed
Does any one know how to make outlook point to some personal folder when it opens and when coming back from the calendar? Thanks, Reuven. Tools->Options->Other->Advanced->When starting Outlook... --� Milly Staples [MVP - Outlook] Post all replies to the group to keep the discussion intact. Due to the (insert latest virus name here) virus, all mail sent to my personal account will be deleted without reading. After furious head scratching, asked: | Does any one know how to make outlook point to some personal folder | when it opens and when coming back from...

Out of Office Assistant
I am trying to set out of assistant and keep getting the following message. The Out of Office Assistant could not be dispayed. A required action was not successful due to an unspecified error. I then click okay and get the following :- System resources are critically low. Close some windows. Anyone know why ... my system has lots of resource Can you enable/disable the OoOA by using Outlook Web Access? If you don't know about OWA contact your mail administrator for server details. -- Robert Sparnaaij [MVP-Outlook] Tips of the month: -Backup and Restore -Cr...

Statistics with Tasks in outlook
I'd like to have statistics of the use of outlook's task manager. And i would like to have all variables of tasks in an excel 's table. Is it possible? Thanks. ...

Outlook 2003 #203
I am having problems with Outlook 2003. When first opening up Outlook, the email just hangs and you can see the count at the bottom saying 50% done, then 75% done, then 25% done. It just hangs and won't complete without error saying timed out with errors. In the task bar is a icon saying syncronising folders. If I close out of it then open it up again, usually it will load fine. I have tried the detect and repair, and also reinstalling and nothing works. What can I try next to fix the hanging problem? I am running Window XP Home Edition with all the updates applied. The othe...

security setup
is there anyway to change security level of cashier by time. for example from 9am to 1 pm they have different security level and from 1 to 5 they have different. Also is there anyway to disable "tender" button on POS for all cashiers. i want to dedicate one of my machines just to make work orders so knowbody can tender amount on it. thank you Shoby, Not that I'm aware of. If you can't press the F12 Tender button, you can't save the workorder. But you can disable the Amount column in the Tender screen. When in POS, click on the bottom blank button on the le...