Welcome to the Entourage Help Page

What do the account security options mean?

In general, if you leave the default options selected, you'll be fine. But for the curious, here's a more in-depth look at the options you can choose:

Digitally sign all outgoing messages by default: By default, the new messages you compose are just regular, plain ol' messages. To specify that you'd like a message digitally signed, you need to go into the Security item of the Options toolbar icon and choose "Digitally Sign Message". If you plan to digitally sign most messages you send from an account, you can save yourself the hassle of manually changing this setting for each message by selecting this option. It is off by default.

Include my certificate when sending signed messages: When this option is selected, both your encryption certificate and the certificate that should be used to verify your digital signature are included with the messages you send. This is important because unless the receiver already has a copy of your certificate(s), he or she will be unable to send you encrypted mail or verify your signature, and may be unable to view your message at all. This option is selected by default, and best left that way.

Send clear text signed messages when sending signed messages: This option requires a little background. There are two ways that you can send a digitally signed message: opaque and clear signed.

Sending opaquely means that the entire message (its full contents and the digital signature 'blob') is collected and processed into one huge MIME chunk that basically forms the message contents when it's sent out. Receiving clients (like Entourage) that know how to handle S/MIME messages can then extract the actual message and digital signature blob, validate the signature, and display the message to the user. Receiving agents that don't know how to handle S/MIME will just display a blank message with an attachment.

The other option - sending a message clear signed - means that the entire message contents are sent as plain text, and the digital signature part is just appended to the end of the message as an attachment. In this way, any email client can still read the message even if it doesn't support S/MIME, since the message is in plain text (even though that client cannot validate the signature). S/MIME-capable clients can still go through the additional work of checking the message contents against the digital signature attachment to verify its validity.

In Entourage, when you check the box, you're choosing clear signed and ensuring the greatest compatibility with all other clients, which is preferred. When you deselect it, you're choosing opaque signing, and many people may not be able to read your messages. (The advantage of opaque signing is that the message is less likely to be altered by servers on the way to its destination. Some servers, in an effort to be 'smart,' will snoop through a message and quietly and subtly change/convert its contents, thus invalidating the signature. Opaque signing is one way of preventing this.) This option is on by default.
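
The two signing formats described above can be told apart from the message's MIME headers alone. The following is an added example, not part of the original help page or of Entourage: a small Python function that classifies a raw message using the content types the S/MIME standard (RFC 8551) defines, and returns whatever text a client without S/MIME support could still read. The sample messages are constructed, the "AAAA" bodies are placeholders for the real signature data, and no signature is actually verified.

```python
from email import message_from_string

# Constructed sample messages; "AAAA" stands in for the real base64 CMS data.
CLEAR_SIGNED = """\
From: alice@example.com
To: bob@example.com
Subject: clear signed
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
 micalg=sha-256; boundary="b1"

--b1
Content-Type: text/plain

Hello Bob, any mail client can read this.
--b1
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

OPAQUE_SIGNED = """\
From: alice@example.com
To: bob@example.com
Subject: opaque signed
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; smime-type=signed-data; name="smime.p7m"
Content-Transfer-Encoding: base64

AAAA
"""

def classify(raw):
    """Return (kind, text readable without S/MIME support) for a raw message."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    protocol = str(msg.get_param("protocol") or "").lower()
    signed = ctype == "multipart/signed" and protocol.endswith("pkcs7-signature")
    if signed and msg.is_multipart():
        # Clear signed: part 1 is the untouched message, part 2 the signature.
        return "clear-signed", msg.get_payload(0).get_payload().strip()
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        # Opaque: message and signature are wrapped together in one CMS blob.
        kind = str(msg.get_param("smime-type") or "").lower()
        return ("opaque-signed" if kind == "signed-data" else "pkcs7-other"), None
    return "unsigned", (None if msg.is_multipart() else msg.get_payload().strip())
```

The same pkcs7-mime content type also carries encrypted mail (smime-type=enveloped-data), which this sketch reports as "pkcs7-other".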

Encrypt contents and attachments for all outgoing messages by default: This is analogous to the digital signature option. By default, the new messages you compose are just regular, plain ol' messages. To specify that you'd like a message encrypted, you need to go into the Security item of the Options toolbar icon and choose "Encrypt Message". If you plan to encrypt most messages you send from an account, you can save yourself the hassle of manually changing this setting for each message by selecting this option. It is off by default.