I have been asked about securing email between us and outside vendors to meet the requirements of the ne HIPA laws. Read, or tried to read and understand I guess the 'sending s/mime secure messages' section of the guide and really don't get it. Where do I start. First I see that we need to get a security cert but we do not run the cert server on the oES box so I looked at verisign. Cheap per year so noe problem there. BUt then I read to send a message to a user I need their cert? Then why do I buy a cert, if I do do I send it to the person we send email to? Hope someone can help.