The PGP Universal Server supports encrypting email messages or files to a generic domain key for an external recipient, however the server does not support decrypting email messages or files using a single domain key.

Use the following steps to encrypt all email messages to a domain key of an external recipient:

1. Log into the PGP Universal Server admin interface.
2. Click Mail > Mail Policy and then select the Outbound Policy Chain.
3. Scroll down and click Add Rule.
4. Type a name in the Rule Name field.
5. In the Conditions section, change the value to If any of the following are true.
6. Click the drop down arrow and select Recipient domain
7. Leave the second value as is and type the name of the recipient domain.
8. Select Actions
9. In the Encrypt to section, place a checkmark next to Other Keys/Certificates.
10. Click Import. The Import Key or Certificate screen is displayed.
11. Import a public key file or key block for the recipient domain and then click Import.
12. Optional: Click Key Search and place a checkmark next to Search for keys... and specify a keyserver to search for keys.
13. Click Save.

The PGP Universal Server does not support decrypting incoming encrypted mails to a single domain key for the PGP Universal Server's domain. The PGP Universal Server does not include a single key for the entire domain for encryption and decryption.

Notes:

• The PGP Universal Server 2.x supports mixed key mode environments e.g. SKM, GKM, CKM. This means that users with available existing keys can use their own key and switch between using PGP Desktop for encryption or use the PGP Universal Server Gateway Email feature.
• For version 3.2 and higher which support a PGP group key follow this article, http://www.symantec.com/docs/HOWTO77258

-