Mail_Skip_Nokey_Dialog=1 will be set if a user is prompted with an mail encryption failure dialog and selects "Don't show signature or encryption failures again and continue sending".
- is there a policy setting to prevent users from setting Mail_Skip_Nokey_Dialog=1, so that they are always prompted for these kind of failures?
- would it be possible to have a kind of white-list for domains where signature or encryption failures are acceptable?
to set Mail_Skip_Nokey_Dialog=0 is just cosmetic, no more than a daily reminder. The user can overwrite this setting with the first mail after he has launched Notes.
I would treat this as weak point/vulnerability, because we can force encryption through a desktop policy but the user is still able to sent unencrypted mail.