Details
This policy setting controls how Outlook handles S/MIME receipt requests. If you enable
this policy setting, you can choose from four options for handling S/MIME receipt requests
in Outlook- – Open message if receipt can’t be sent – Don’t open message if receipt can’t be
sent – Always prompt before sending receipt – Never send S/MIME receipts If you disable or
do not configure this policy setting, when users open messages with attached receipt
requests, Outlook prompts them to decide whether to send a receipt to the sender with
information about the identity of the user who opened the message and the time it was
opened. If Outlook cannot send the receipt, the user is still allowed to open the message.
The recommended state for this setting is- Enabled-Never send S/MIME receipts.
*Rationale*
Incoming signed or encrypted messages might include S/MIME receipt requests. S/MIME
receipts provide confirmation that messages are received unaltered, and can include
information about who opened the message and when it was opened. By default, when
users open messages with attached receipt requests, Outlook 2010 prompts them to decide
whether to send a receipt to the sender with information about the identity of the user who
opened the message and the time it was opened. If Outlook cannot send the receipt, the
user is still allowed to open the message. In some situations, allowing Outlook to
automatically send receipt requests could cause sensitive information to be divulged to
unauthorized people.
Solution
To implement the recommended configuration state, set the following Group Policy setting
to Enabled.
User ConfigurationAdministrative TemplatesMicrosoft Outlook
2010SecurityCryptographyS/MIME receipt requests behaviorS/MIME receipt requests
behaviorThen set the Handle messages with S/MIME receipt requests in the following
manner- option to Never send S/MIME receipts.
Impact-Configuring this setting to ‘Never send S/MIME receipts’ does not affect users’ ability to
open and read e-mail messages. However, people who send messages with attached receipt
requests to users affected by this setting will not receive the requested S/MIME receipts,
which could cause confusion. Consider educating users about this setting so that they can
advise e-mail correspondents to not expect any receipts they request.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Windows.