Parameter:
EncryptIncomingMailShort description: Encrypts incoming mail server-side for all recipients on this server as soon as it is stored in the mail file.
Profile
Parameter | EncryptIncomingMail |
Category | Mail / Router |
Component | Server |
Available since | 9.0.1 |
Supported versions | 9.0.1, 10.0, 11.0, 12.0, 14.0, 14.5, 14.5.1 |
GUI equivalent | Person document / Policy |
Possible values | 0 = store unencrypted (default), 1 = encrypt with the recipient's public key |
Description
With
EncryptIncomingMail=1, the router encrypts every incoming message immediately before writing it into the recipient's mailbox, using that recipient's public Notes key. Afterwards, only the recipient (or someone who possesses their ID file and password) can read the message. The server-side full-text index and server tasks (e.g. Compact, Fixup) can still access the envelope, but the actual content remains unreadable even for administrators.Example configuration
EncryptIncomingMail=1
Notes & pitfalls
- The same effect can be achieved per person/policy via the Encrypt incoming mail field – in modern environments, control via policy is preferable.
- Requires that all recipients have a public key in the Domino Directory.
- Encrypted messages can no longer be full-text indexed by the server – search results within mail files will be missing accordingly.
- Backup/archive tools that work without an ID file likewise cannot see the messages in clear text.