The message security labelling service binds a security label to an MHS object. Security labels can be bound to transferable objects (e.g., messages, reports), MHS entities (e.g., MTAs, UAs), and associations between peer MHS entities (e.g., UAs and MTAs, MTAs and MTAs).
The following simple example illustrates a use of security labels. An MTA services two users: User1 and User2. Each user registers a set of security labels with the MTA. At some later time, a message addressed to both users arrives at the MTA. The message contains a security label with a security classification of Secret. The MTA examines the security labels registered for its users, and ascertains that User1 has registered a Secret security label, however, User2 has not. Depending on the security policy in force, the MTA may deliver the message to User1, and non-deliver the message to User2. By the same mechanism, the MTA may prevent User2 from originating messages containing security labels classified as Secret.
As illustrated in the example, security labels can be used to control the sensitivity of messages originated by and delivered to a user. Section 11.6.2 describes how security labels can also be used to prevent the misrouting of messages.