If the cryptographic treatment of emails at the SEPPmail Secure E-Mail Gateway is to be implemented on the user level, a user licence is to be purchased for each sending email address - irrespective of the cryptographic procedure.

Naturally, this also means that only these users can decrypt personal encrypted emails via the SEPPmail Secure E-Mail Gateway. This is due to the fact that the necessary user-related key material can only be stored in the SEPPmail Secure E-Mail Gateway for these users.

 

These user-specific licences are linked to the email address of the user and are only released again if the email address is deactivated, for instance if the employee leaves the company. If emails are sent from an email address deactivated on SEPPmail Secure E-Mail Gateway, these emails are neither signed nor encrypted (not even via the domain encryption!).

If the affected email address and thus the generally applicable domain encryption (without personal S/MIME, OpenPGP and GINA) are to remain active, this can only be realised through the complete deletion of the user on the SEPPmail Secure E-Mail Gateway. If this user was assigned a certificate (self-signed or official), this is initially revoked and subsequently deleted. With the revocation of the certificates, external communication partners are generally automatically notified about the invalidity of the certificate. This means that, contrary to the mere deactivation, an encryption to the corresponding email address by the communication partner is no longer possible with this certificate.

 

Step 2 to the suitable licence:

Selection of the required signature and encryption licences (for each email address capable of sending emails), plus the necessary annual or triennial maintenance (SW care pack).