GJ, I'm not sure I understood your mail entirely, but here goes. I believe you want to perform encryption and authentication of mail going out from your mail server to all recipients and see the problem, that all those recipients or one or several PKIs/Trust Centres need to provide you with a PGP public key or X.509 certificate (or a different form of public key), asking if there's a way to avoid that. Short answer: No, there isn't. Longer answer: If you want to encrypt data so that only the true recipient can decode it (or want to be able to verify the authenticity on the basis of individual senders), you need to use asymmetric encryption with the public key that only she knows/posesses the corresponding private key for. For that requirement to be fulfilled, she (or a trusted 3rd party such as a trust centre) needs to have created the keypair. Actually, trust centres and PKIs make the game much more practically feasible than the web of trust, because you have to access only a few well-known certificate directories and (manually) place trust in only a few (root) certificates. Another possibiliy would be for you to be your own PKI, to have people enroll public keys to you and you'd somehow verify and sign them. You could create the keypairs yourself, too, but I wouldn't appreciate that if I was a recipient, I'd prefer to create my own keypair. Cheers Tobias