HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

ADD A NEW IDEA

Clear

Security

    Showing 56

    Domino should reject messages when the envelope 'From' header differs from the 'From' header in the message body

    A configuration feature is needed in Domino to block emails when the MAIL FROM address (in the envelope) differs from the FROM address in the email header.
    4 months ago in Domino / Security 1 Needs Review

    Server-Rules for E-Mail-Header

    Our provider uses anti-spam software that writes the SPAM probability in the email header. Example: X-Spam-Level: ***** There should be a central way to evaluate the email header in Domino, for example to add a keyword to the subject line of affec...
    over 1 year ago in Domino / Security 2 Needs Review

    Domino Internet CA should support current standards

    The Domino Internet CA currently does not have extended key usage nor Subject Key Identifier/Authorized Key Identifier (not yet enforced) added to certificates. Those attributes are needed today to be compatible with other environments like Apple ...
    5 months ago in Domino / Security 0 Needs Review

    Authenticated Received Chain (ARC) signing support

    After the integration of the DKIM signature key, SPF evaluation, it would be interesting to complete the support for the anti-spam scheme through the integration of ARC signatures (RFC 8617), which for example solve the problem of message forwardi...
    about 2 years ago in Domino / Security 0 Needs Review

    ID VAULT revert from archive button in ID VAULT Template

    IDV_ENABLE_VAULT_SCAN is a cool feature, while it has a little side effect. If user was away for a week User.ID is archived from vault and no longer can be extracted used. see technote. https://support.hcl-software.com/csm?id=kb_article&syspar...
    7 months ago in Domino / Security 0 Needs Review

    Enhance OIDC to support dynamic custom claims

    When using OIDC in Domino as a provider, need to be able to limit who can authenticate with each registered client application. Also, there needs to be an available ability to include the groups an authenticating user is in as part of the custom "...
    6 months ago in Domino / Security 0 Needs Review

    Totally remove SentBy and OnBehalfOf when sending from a shared mailbox

    The Dutch Government needs to have this option when sending outbound mail. When using shared mailboxes, the mail system automatically adds a “Sent by …” field that reveals the individual sender’s identity. As this constitutes personal data, it rai...
    3 months ago in Domino / Security 1 Needs Review

    ECDSA or Ed25519 support for Notes certificates

    The entire Notes certificates infrastructure is built around RSA. I would suggest to implement ECDSA or ED25519 as well for Notes certificates as an additional option. The key-sizes are smaller, and it's faster as well.
    about 2 months ago in Domino / Security 0 Needs Review

    Document that describes Domino HTTP security settings

    There's a document created years ago: https://www.caicorp.com/2017/11/22/adding-security-http-response-headers-to-ibm-lotus-domino-server-to-get-an-a-rating/ HCL should have a similar document with more security settings.
    over 1 year ago in Domino / Security 1 Needs Review

    Would like to use domcfg.nsf settings when OIDC is used.

    The domcfg is configured on the RP (OIDC client), but the login is handled by the OIDC provider. Since authentication occurs on the provider side, it’s not expected that the domcfg applies there. We would still like to use ''Error & Response''...
    4 months ago in Domino / Security 0 Needs Review
                                        Copyright © 2025 HCLSoftware Limited