Abstract: Architecture that employs encryption and storage of encryption keys to protect trusted client message content from an untrusted third-party hosted service. Each trusted user machine is configured to optionally apply security to messages. Rules determine when automatic protection is applied and the level of protection to apply. The trusted client automatically downloads the rules (or rules policies) from a trusted rules service and caches the rules locally. During composition, the rules analyze the message and automatically apply security template(s) to the message. The security template(s) encrypt the body of the message, but not the headers or subject. The untrusted message service processes the header and delivers the message to the correct recipient. The hosted service cannot view the contents of the message body, and only intended recipients of the protected message can view the message body. Offline protection is supported, and the user can override protection by the rules.

Abstract: Architecture that employs encryption and storage of encryption keys to protect trusted client message content from an untrusted third-party hosted service. Each trusted user machine is configured to optionally apply security to messages. Rules determine when automatic protection is applied and the level of protection to apply. The trusted client automatically downloads the rules (or rules policies) from a trusted rules service and caches the rules locally. During composition, the rules analyze the message and automatically apply security template(s) to the message. The security template(s) encrypt the body of the message, but not the headers or subject. The untrusted message service processes the header and delivers the message to the correct recipient. The hosted service cannot view the contents of the message body, and only intended recipients of the protected message can view the message body. Offline protection is supported, and the user can override protection by the rules.

Abstract: Architecture that employs encryption and storage of encryption keys to protect trusted client message content from an untrusted third-party hosted service. Each trusted user machine is configured to optionally apply security to messages. Rules determine when automatic protection is applied and the level of protection to apply. The trusted client automatically downloads the rules (or rules policies) from a trusted rules service and caches the rules locally. During composition, the rules analyze the message and automatically apply security template(s) to the message. The security template(s) encrypt the body of the message, but not the headers or subject. The untrusted message service processes the header and delivers the message to the correct recipient. The hosted service cannot view the contents of the message body, and only intended recipients of the protected message can view the message body. Offline protection is supported, and the user can override protection by the rules.

Abstract: Architecture that employs encryption and storage of encryption keys to protect trusted client message content from an untrusted third-party hosted service. Each trusted user machine is configured to optionally apply security to messages. Rules determine when automatic protection is applied and the level of protection to apply. The trusted client automatically downloads the rules (or rules policies) from a trusted rules service and caches the rules locally. During composition, the rules analyze the message and automatically apply security template(s) to the message. The security template(s) encrypt the body of the message, but not the headers or subject. The untrusted message service processes the header and delivers the message to the correct recipient. The hosted service cannot view the contents of the message body, and only intended recipients of the protected message can view the message body. Offline protection is supported, and the user can override protection by the rules.

Abstract: Architecture that employs encryption and storage of encryption keys to protect trusted client message content from an untrusted third-party hosted service. Each trusted user machine is configured to optionally apply security to messages. Rules determine when automatic protection is applied and the level of protection to apply. The trusted client automatically downloads the rules (or rules policies) from a trusted rules service and caches the rules locally. During composition, the rules analyze the message and automatically apply security template(s) to the message. The security template(s) encrypt the body of the message, but not the headers or subject. The untrusted message service processes the header and delivers the message to the correct recipient. The hosted service cannot view the contents of the message body, and only intended recipients of the protected message can view the message body. Offline protection is supported, and the user can override protection by the rules.

Abstract: Architecture that employs encryption and storage of encryption keys to protect trusted client message content from an untrusted third-party hosted service. Each trusted user machine is configured to optionally apply security to messages. Rules determine when automatic protection is applied and the level of protection to apply. The trusted client automatically downloads the rules (or rules policies) from a trusted rules service and caches the rules locally. During composition, the rules analyze the message and automatically apply security template(s) to the message. The security template(s) encrypt the body of the message, but not the headers or subject. The untrusted message service processes the header and delivers the message to the correct recipient. The hosted service cannot view the contents of the message body, and only intended recipients of the protected message can view the message body. Offline protection is supported, and the user can override protection by the rules.

Abstract: Architecture that employs encryption and storage of encryption keys to protect trusted client message content from an untrusted third-party hosted service. Each trusted user machine is configured to optionally apply security to messages. Rules determine when automatic protection is applied and the level of protection to apply. The trusted client automatically downloads the rules (or rules policies) from a trusted rules service and caches the rules locally. During composition, the rules analyze the message and automatically apply security template(s) to the message. The security template(s) encrypt the body of the message, but not the headers or subject. The untrusted message service processes the header and delivers the message to the correct recipient. The hosted service cannot view the contents of the message body, and only intended recipients of the protected message can view the message body. Offline protection is supported, and the user can override protection by the rules.

Abstract: Architecture that employs encryption and storage of encryption keys to protect trusted client message content from an untrusted third-party hosted service. Each trusted user machine is configured to optionally apply security to messages. Rules determine when automatic protection is applied and the level of protection to apply. The trusted client automatically downloads the rules (or rules policies) from a trusted rules service and caches the rules locally. During composition, the rules analyze the message and automatically apply security template(s) to the message. The security template(s) encrypt the body of the message, but not the headers or subject. The untrusted message service processes the header and delivers the message to the correct recipient. The hosted service cannot view the contents of the message body, and only intended recipients of the protected message can view the message body. Offline protection is supported, and the user can override protection by the rules.

Abstract: Business to business secure mail may be provided. Consistent with embodiments of the invention, a protected message may be received. The recipient may request a token from a trust broker, submit the token to an authorization server associated with the sender, receive a user license from the authorization server; and decrypt the protected message using the user license. The protected message may restrict actions that may be taken by the recipient, such as forwarding to other users.

Abstract: Business to business secure mail may be provided. Consistent with embodiments of the invention, a protected message may be received. The recipient may request a token from a trust broker, submit the token to an authorization server associated with the sender, receive a user license from the authorization server; and decrypt the protected message using the user license. The protected message may restrict actions that may be taken by the recipient, such as forwarding to other users.

Abstract: Architecture that employs encryption and storage of encryption keys to protect trusted client message content from an untrusted third-party hosted service. Each trusted user machine is configured to optionally apply security to messages. Rules determine when automatic protection is applied and the level of protection to apply. The trusted client automatically downloads the rules (or rules policies) from a trusted rules service and caches the rules locally. During composition, the rules analyze the message and automatically apply security template(s) to the message. The security template(s) encrypt the body of the message, but not the headers or subject. The untrusted message service processes the header and delivers the message to the correct recipient. The hosted service cannot view the contents of the message body, and only intended recipients of the protected message can view the message body. Offline protection is supported, and the user can override protection by the rules.