MORE INFORMATION
The Signed and Encrypted properties on a Collaboration Data Objects (1.2, 1.21) Message Object correspond to the
SECURITY_SIGNED and
SECURITY_ENCRYPTED flag of the MAPI property
PR_SECURITY. These properties of a message will not be available even if the e-mail client that sent the message set the
PR_SECURITY flag of the message before sending it. Consequently, using these properties to programmatically determine if a message has security on it is unreliable.
Testing revealed that Microsoft Outlook 98 and Microsoft Outlook Express do
not set the
PR_SECURITY property. Therefore the Signed or Encrypted
properties of messages sent from these products will always be FALSE
regardless of the actual Signed or Encrypted state of the message.
An alternate way to determine the security level of a message is to
determine what class the message is. You can access this property by using
the Fields collection of a message object as demonstrated in the following
line of code:
objMessage.Fields(CdoPR_MESSAGE_CLASS).Value
The following Visual Basic code demonstrates how to access this property:
Option Explicit
'Requires a reference to the Microsoft CDO (1.2 or 1.21) library
Private Sub Form_Load()
Dim strServer As String
Dim strMailbox As String
Dim strProfileInfo As String
Dim objSession As MAPI.Session
Dim objInbox As Folder
Dim objMessages As Messages
Dim objMessage As Message
strServer = "MyExchangeServer" 'Insert name of an Exchange Server.
strMailbox = "MyMailbox" 'Insert the name of a Mailbox.
'Create your ProfileInfo string.
strProfileInfo = strServer & vbLf & strMailbox
'Create your session and log onto it on the fly.
Set objSession = New MAPI.Session
objSession.Logon "", "", False, True, 0, True, strProfileInfo
'Create your Inbox object and get all the messages in the inbox.
Set objInbox = objSession.Inbox
Set objMessages = objInbox.Messages
'Get the first message in the objMessages collection.
Set objMessage = objMessages.GetFirst
If objMessage Is Nothing Then
MsgBox "No messages to process"
Else
'Set up a loop to run through all the messages in the inbox.
Do
With objMessage
'Print the subject.
Debug.Print .Subject
'Print the Message Class.
Debug.Print .Fields(CdoPR_MESSAGE_CLASS).Value
Debug.Print
End With 'objMessage
'Get the next message.
Set objMessage = objMessages.GetNext
Loop Until objMessage Is Nothing
End If
'Logoff your session and destroy your objects.
objSession.Logoff
Set objMessage = Nothing
Set objMessages = Nothing
Set objInbox = Nothing
Set objSession = Nothing
Unload Me 'Unload the form
End Sub
Different e-mail clients and security methods create different classes. For
example, a message created in Microsoft Outlook 98 using Exchange security
will have the following properties:
- Unsigned and Unencrypted: IPM.Note
- Signed and Unencrypted: IPM.NOTE.SECURE.SIGN
- Unsigned and Encrypted: IPM.NOTE.SECURE
- Signed and Encrypted: IPM.NOTE.SECURE
On the other hand, if you use Secure - Multipurpose Internet Mail
Extensions (SMIME) from Microsoft Outlook Express to send a signed message, the class will be IPM.Note.SMIME.MultipartSigned.
Therefore, in order to use the Message Class of a message to determine if
the message is signed and/or encrypted, you must determine what message class your e-mail client uses when sending signed and/or encrypted e-mail. Since it would be impossible to maintain a list of the message classes used by every e-mail client available, the preceding code should help you by looping through all the messages in your Inbox folder and display the Message class. This should help you in determining how to perform the tests for signed and/or encrypted e-mail in your application.
Note Creating messages of these classes will not accomplish sending encrypted/signed messages.
The techniques detailed in this article cannot be used in the OnSubmit event of an Exchange Client Extension. Outlook calls OnSubmit for all extensions before it applies any security to the message to ensure that any work done by the extension is also protected. Because of this, the message class will always be IPM.Note regardless of the security settings.
REFERENCES
For additional information, please see the following article in the
Microsoft Knowledge Base:
177853
PRB: PR_SECURITY property is ignored by Exchange Server
Microsoft Developer Network Library; search on: "Signed Property (Message
Object)"; "Encrypted Property (Message Object)"