How S/MIME Security Works

In addition to SSL encryption, Oracle-managed Service mailboxes and general Service mailboxes support S/MIME, an industry standard for ensuring the security of message content through the use of electronic signatures, encryption, or both.

An email address that uses S/MIME has a public certificate as well as a private key that corresponds to the public certificate. The public certificate authenticates the sender and can be used for encryption. The person who replies to the email can use the sender’s public certificate to encrypt the reply, which can then be decrypted only by the original sender using the original sender’s private key.

There are certain situations where S/MIME security options are not available.

  • In Outreach and Feedback mailboxes.
  • When editing multiple incidents simultaneously. You can send a response to more than one incident at a time, but you cannot use secure mail when doing so.
  • When using delayed reporting on the Workspace editor. S/MIME works only if you clear the Delay Report Execution check box in the Report Behavior drop-down list for the Contacts relationship item control on the Workspace editor Design tab. See Overview of Workspace and Script Elements.

Figure: Secure correspondence between two parties, Sarah and Tom, both of whom have S/MIME capability, showing how certificates and keys are used to secure the exchange. The process is described in the surrounding text.

Customers who have S/MIME email can send messages signed with their public certificate to any Oracle-managed Service mailbox or general Service mailbox. When Techmail receives a signed message, it verifies and stores the customer’s certificate and uses it to encrypt any response messages sent to that customer. The customer can then decrypt the response using the private key for the certificate.

Note: Agents responding to a signed message can send a non-encrypted response by selecting Do Not Encrypt from the incident response options. See Sign and Encrypt an Incident Response.

Service S/MIME settings also let you set conditions on how strictly Techmail validates a customer’s public certificate for incoming messages. If Techmail cannot verify a customer’s public certificate, it does not update the customer’s contact record with that certificate.
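
The exchange described above can be reproduced with the `openssl smime` command. This is an added example, not Oracle or Techmail code: the names, addresses, message text and self-signed certificate are constructed, and it makes no claim about how Techmail performs these steps internally.

```shell
#!/bin/sh
# Added example: all names, addresses and message text are constructed, and a
# self-signed certificate stands in for one issued by a certificate authority.

smime_round_trip() {
    dir=$(mktemp -d) || return 1

    # Customer's private key and public certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Sarah/emailAddress=sarah@example.com" \
        -keyout "$dir/sarah.key" -out "$dir/sarah.crt" 2>/dev/null || return 1

    # 1. The customer signs with the private key; the certificate travels
    #    inside the signed message.
    printf 'My order has not arrived.\n' > "$dir/question.txt"
    openssl smime -sign -in "$dir/question.txt" -out "$dir/question.eml" \
        -signer "$dir/sarah.crt" -inkey "$dir/sarah.key" || return 1

    # 2. Strict validation: with no trust anchor for the issuer, the signature
    #    is rejected and no certificate should be stored.
    if openssl smime -verify -in "$dir/question.eml" \
        -out /dev/null 2>/dev/null; then
        return 1
    fi

    # 3. With the issuer trusted (-CAfile), verification succeeds and the
    #    signer's certificate is extracted for later use.
    openssl smime -verify -in "$dir/question.eml" -CAfile "$dir/sarah.crt" \
        -signer "$dir/stored.crt" -out /dev/null 2>/dev/null || return 1

    # 4. The response is encrypted to the stored certificate.
    printf 'Your order ships tomorrow.\n' > "$dir/answer.txt"
    openssl smime -encrypt -aes256 -in "$dir/answer.txt" \
        -out "$dir/answer.eml" "$dir/stored.crt" || return 1

    # 5. Only the matching private key decrypts it. openssl emits CRLF line
    #    endings for MIME content, so strip the carriage returns.
    openssl smime -decrypt -in "$dir/answer.eml" \
        -recip "$dir/sarah.crt" -inkey "$dir/sarah.key" | tr -d '\r'
    rm -rf "$dir"
}

smime_round_trip
```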

Tip: When Techmail attempts to decrypt an incoming message or verify an attached certificate, and you have enabled the EGW_SAVE_EMAIL_HEADERS configuration setting to save incoming email headers, the results are appended to the saved mail header.

Note that the customer’s original message is not encrypted. To encrypt messages sent from a customer to an Oracle-managed Service mailbox or general Service mailbox, the mailbox must be configured with its own certificate and key, as described in the following procedure. Agent response emails are then signed with the mailbox certificate, which customers can use to validate the messages and send encrypted replies. Techmail uses the certificate key to decrypt those replies and process the message contents normally.