Enigmail Configuration Manual

Per-Recipient Rules

Overview

Enigmail contains a feature that allows you to define rules for setting encryption, signing and PGP/MIME for every recipient and to define what OpenPGP key(s) to use.

Table of Contents

  1. Accessing the Rules Editor

  2. Per-Recipient Rules Editor Overview

  3. Tips and Tricks

  4. Notes

Note: for advanced users, we also have documentation for editing the rules file directly.



Accessing the Rules Editor

You can access the Rules Editor in a number of ways:
  • Select Edit Per-Recipient Rules from the OpenPGP menu.

  • Right click on an email address in the message preview pane, reading window or compose window, and select Create OpenPGP Rule from Address...

    [Figure: Per-Recipient Rules Editor access from the compose window]

    This will take you directly into the Recipient Settings Editor.

  • Right click on an email address in the address book and select Create OpenPGP Rule from Address...

    [Figure: Per-Recipient Rules Editor access from the address book]

    This will take you directly into the Recipient Settings Editor.


Per-Recipient Rules Editor Overview

Per-Recipient Rules Editor

The Per-Recipient Rules Editor allows you to:
  • View all your rules and see the order in which they will be processed (from top to bottom).

  • See the specific settings for each rule.

  • Add, Modify and Delete Rules using the Recipient Settings Editor.

  • Move rules up and down in the list to change the order of processing.


Recipient Settings Editor

The Recipient Settings Editor allows you to:
  • Define the email address(es) of the person you wish to create a rule for in the Set OpenPGP Rules for field.

  • Change how email address(es) specified in the Set OpenPGP Rules for field should be matched using the Apply rule if recipient setting. The address can be matched in one of 4 ways:

    • Is exactly
      Any email address specified in the Set OpenPGP Rules for field will be matched exactly (case-insensitive matching).

    • Contains
      Any email address containing the string in the Set OpenPGP Rules for field will match; e.g. entering body@domain will match body@domain.net, anybody@domain.net, somebody@domain.otherdomain.org, etc. (case-insensitive matching).

    • Starts with
      Any email address that starts with the string in the Set OpenPGP Rules for field will match; e.g. entering body will match body@domain.net, body2@domain.com, but not somebody@domain.org (case-insensitive matching).

    • Ends with
      Any email address that ends with the string in the Set OpenPGP Rules for field will match; e.g. entering domain.com will match body@domain.com, body2@domain.domain.com, but not somebody@domain.net (case-insensitive matching).

  • Change the action which the rule will carry out in the Action section.

    • Continue with the next rule for the matching address
      Enabling this function lets you define a rule without specifying a KeyID in the Use the following OpenPGP keys: field; the email address is then used to look up a key at the time of sending. Further rules for the same address(es) will be processed as well.

    • Do not check further rules for the matching address
      Enabling this function stops processing any other rules for the matching address(es) if this rule is matched; i.e. rule processing continues with the next recipient.

    • Use the following OpenPGP keys:
      Use the Select Key(s).. button to select the recipient keys to be used for encryption. As in the action above, no further rules for the matching address(es) are processed.

  • Change what functions should be carried out by the rule when matched in the Defaults for... section.
    You can individually control the Signing, Encryption, and PGP/MIME settings to be used when the rule is matched.
    Each function has 3 options which decide what will be done when the rule is matched:

    • Never
      Never will not allow the function to be carried out.
      In case of conflicts Never overrules Always.
      For example, suppose you are sending a signed and encrypted mail to two people for whom you have defined rules:
        Person 1's rule is set for Signing: Always, Encryption: Always, and PGP/MIME: Yes, if selected in Message Composition.
        Person 2's rule is set for Signing: Always, Encryption: Never, and PGP/MIME: Never.
      The message will be signed only, as Person 2 cannot receive encrypted mail. Also, if you had turned on PGP/MIME when composing the message, that choice would be ignored because of Person 2's rule.

    • Yes, if selected in Message Composition
      Yes, if selected in Message Composition allows you to change the setting at time of message creation.

    • Always
      Always turns the function on for every message.
      In case of conflicts Never overrules Always.


Tips and Tricks

If you send a mail to somebody for whom you don't have a rule and manually turn on signing, encryption, or PGP/MIME, your choice will be overridden by the settings in the OpenPGP > Preferences > OpenPGP Security tab and the Per-Recipient Rules, and the message will be sent in plain text.

To get around this, add a new rule.

  • In the Set OpenPGP Rules for field enter @

  • Set Apply rule if recipient to Contains

  • Set Continue with the next rule for the matching address

  • Do not add any keys

  • Set Signing, Encryption, and PGP/MIME to Yes, if selected in Message Composition

  • Save the rule and ensure that it is at the bottom of the list of rules.
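
The matching modes, rule actions and Never/Always conflict handling from the Recipient Settings Editor section, together with the catch-all rule from Tips and Tricks, are modelled below. This is an added example, not Enigmail's own code; the object fields (pattern, mode, action, sign, encrypt, pgpMime), their string values and the null result for "no rule matched" are assumptions made for illustration.

```javascript
// Added model of the rule semantics described above; not Enigmail source code.
// Field names and value strings below are assumptions made for this example.
const MATCHERS = {
  exact: (a, p) => a === p,
  contains: (a, p) => a.includes(p),
  startsWith: (a, p) => a.startsWith(p),
  endsWith: (a, p) => a.endsWith(p),
};

// All four modes compare case-insensitively.
function matches(rule, address) {
  return MATCHERS[rule.mode](address.toLowerCase(), rule.pattern.toLowerCase());
}

// Rules run top to bottom for each recipient. "continue" keeps checking later
// rules for that address; "stop" and "keys" end processing for that address.
function rulesFor(rules, address) {
  const hits = [];
  for (const rule of rules) {
    if (!matches(rule, address)) continue;
    hits.push(rule);
    if (rule.action !== "continue") break;
  }
  return hits;
}

// Resolve one function ("sign", "encrypt" or "pgpMime") across all recipients.
// Never overrules Always; "maybe" (Yes, if selected in Message Composition)
// defers to the composer. null means no rule matched any recipient.
function resolve(rules, recipients, fn, selectedInComposer) {
  const values = recipients.flatMap(r => rulesFor(rules, r).map(x => x[fn]));
  if (values.length === 0) return null;
  if (values.includes("never")) return false;
  if (values.includes("always")) return true;
  return selectedInComposer;
}

// Constructed sample: the Person 1 / Person 2 conflict from the text.
const sampleRules = [
  { pattern: "person1@example.org", mode: "exact", action: "stop",
    sign: "always", encrypt: "always", pgpMime: "maybe" },
  { pattern: "person2@example.org", mode: "exact", action: "stop",
    sign: "always", encrypt: "never", pgpMime: "never" },
];
// The catch-all rule from Tips and Tricks; it belongs at the bottom of the list.
const catchAll = { pattern: "@", mode: "contains", action: "continue",
  sign: "maybe", encrypt: "maybe", pgpMime: "maybe" };
```

Because Contains, Starts with and Ends with are plain string comparisons, a rule that selects keys is safest with a pattern that includes the @ (for example @domain.com rather than domain.com), so it applies only to the addresses you intend.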


Notes

  • The rules are processed sequentially in the order displayed in the rules editor. If a rule contains an OpenPGP key, the rule is applied, but the address that matched will not be rechecked in any following rules.

  • In order to minimize the number of entries you have to make in the rules editor, you should set your default settings carefully in Account Settings > OpenPGP Security and in OpenPGP > Preferences > Key Selection.

  • It is highly recommended to enable the option Always confirm before sending in OpenPGP > Preferences > Sending in order to check the resulting status for encryption, signing and PGP/MIME before a message is sent.

  • The settings are stored in an XML file in your profile folder called pgprules.xml.
    If you delete your profile for any reason, you should be sure to back this file up along with your mail, user.js, etc.