Cross organizational end-to-end Outlook email security. ES2ES plug-in provides DNSSEC validated s/mime certificate distribution to end users. Supports rsa ecdsa ed25519. S/MIME functionality available in Outlook iy3xk ftc9ky Outlook CERT_CHAIN_DISABLE_AIA

ES2ES: Global, cross-organizational encrypted email on Outlook

Outlook has supported encrypted email from the beginning. But try to send an encrypted email to a colleague and it fails because you do not have their public key. Without encryption the contents of your email will lay unprotected as it traverses intermediate email servers. You could get copies of public keys for every contact prior to sending them email but why isnt this automated? Well it can be by using the same global database all Internet devices already use - the DNS. By placing public email keys in the DNS and having Outlook query the DNS via our ES2ES gateway, encrypted email exchanges become seamless.

TL;DR HowTo:
  1. Setup S/MIME for your email on Outlook (with a trusted CA). FYI:Free s/mime credentials are available at Actalis.
  2. Try sending an encrypted email to our test account This should fail.
  3. Download es2es.exe. here. The file is signed by us/comodo but may need to "Run Anyway". ("certutil -hashfile es2es.exe sha256" = e314a4eadcbb840b39f6865d2c557941ac9f5d0870d3600bdffcf19c7d4ce10a)
  4. Go to the download directory and run it. You should see es2es.exe.log created. FYI:double clicking on the es2es tray icon closes it.
  5. In Outlook add a new address book. LDAP should do it. Restart Outlook
  6. Try sending an encrypted email to again. This should work and you should get response(s).
  7. Peruse es2es.exe.log file. You will see lots going on here including DNSSEC validation*.
If you got this far, congratulations! Here are the steps to put YOUR public email key into the DNS so that anyone can send you encrypted email
  1. First generate a DNS record for the user's S/MIME certificate by sending a SIGNED test email to
  2. This will return the (long) DNS record you can cut and paste into your DNS server.
If you got here - wow! Hell. Send me an encrypted email at n a t s e c @ d c . o r g .

Details (2022 Apr)
* Ok say you hate DNSSEC. Then for Testing Purposes Only, you can add "nodnssec:1" to the es2es.exe.cnf file. You take responsibility for securing your public DNS.

Contact Copyright © 2019-2023 Department C Incorporated Patented