Mechanism processing secure messages

Secure messages, including encrypted and digitally signed messages, are fragile in terms of modifications applied to their body (by "message body" we also mean the attachments included). As a result, some of the actions performed on these messages can either damage their encryption or invalidate a digital sign. However, CodeTwo Exchange Rules Pro is equipped with the secure messages processing mechanism that lets you perform the built-in actions (exceptions apply) on both mentioned types of secure messages, keeping them encrypted and valid.


Be aware that not all encryption and digital signature standards are supported - see supported platforms and requirements.

If you, however, use an encryption technology that is applied ‘on the way’ between sender and recipient, you can configure mail flow rules in your Exchange Server, so that a chosen action (e.g. Insert a signature) is applied before a message is secured (encrypted / digitally signed). In this case, the email signature will be added to messages that haven’t been secured yet.


By default, the program processes both encrypted and digitally signed secure messages. It means that if the conditions set in rules are met, then both types of these messages will be processed by the program. However, you can exclude either of the secure message types from processing by choosing a desired Secure message type on the Exceptions tab of your rule. On the other hand, if you want to instruct the program to execute actions set in rules only on secure messages (excluding other types of messages such as new emails, replies, etc.), go to the Conditions tab in those rules and configure the Secure message type condition.

The mechanism responsible for processing of secure messages validates all actions configured in rules and divides these actions into those that:

If all actions defined in a particular rule can be applied to secure messages, they are executed directly on these messages. As a result, the original secure messages with applied actions are sent.

If, however, the mechanism detects at least one action in a particular rule that is potentially harmful to secure messages, it executes such action by creating the so-called envelope messages in the following way:

  1. First, the mechanism executes applicable actions on secure messages and then creates the envelopes.
  2. The original sender, recipient(s) and subject properties from secure messages are being copied to the envelopes.
  3. The same actions that were performed on secure messages are now being executed on the envelopes.
  4. Next, the program executes the rest of the actions (i.e. the ones that are harmful to secure messages) on the envelopes.
  5. After that, the mechanism adds secure messages to the envelopes as attachments.
  6. Finally, the envelopes including attached secure messages are sent.


The envelope message content can be customized using the editor available in program’s settings (the Secure messages tab). Thanks to that, you can for example add the signature, which you intended to put into the secure message, to the envelope message instead as a fallback.

Learn how to adjust the template of envelopes

It may sometimes happen that some of the actions cannot be executed on secure messages or envelopes. In such a case, the program ignores them and executes only valid actions. If all actions, in turn, cannot be applied to secure messages and envelopes, then the original secure messages are sent intact.

The table below shows which actions are performed directly on secure messages, which force the creation of envelopes and which are excluded from processing:

Action Secure message Envelope
Add recipient Green tick.   Yes Green tick.   Yes
Block message Green tick.   Yes Green tick.   Yes
Modify subject Green tick.   Yes Green tick.   Yes
Rewrite sender's address Green tick.   Yes Green tick.   Yes
Auto respond * Green tick.   Yes Green tick.   Yes
Forward message * Green tick.   Yes Green tick.   Yes
Add attachment    No Green tick.   Yes
Apply full composition X    No Green tick.   Yes
Insert disclaimer X    No Green tick.   Yes
Insert signature X    No Green tick.   Yes
Compress attachments X    No X    No
Force email format X    No X    No
Remove keywords X    No X    No
Remove sensitive content X    No X    No
Remove themes and stationery X    No X    No
Strip / dump attachments X    No    No

Despite the fact that the Auto respond and the Forward message actions can be applied to both secure and envelope messages, they are executed only on one of these messages at once. Such a solution ensures that these actions are not duplicated (messages are not sent twice to the same recipient). The decision whether to execute these actions on secure messages or on envelopes is determined by the presence of at least one other action defined in a particular rule that can only be processed on envelope messages.

Study the examples below to better understand in which scenarios the aforementioned actions will be applied to secure messages or envelope messages:

  • If there is only the Auto respond or the Forward message action set in a rule, then one of these actions is applied to a secure message.
  • If there are only both the Auto respond and the Forward message actions set in a rule, then they are applied to a secure message.
  • If there are either the Auto respond and/or the Forward message action set in a rule and there is at least one other action that requires creation of an envelope message, then the Auto respond and/or the Forward message actions are applied to the envelope. The rest of actions if present, in turn, are executed in one of the patterns described above.

In this article

Was this information useful?