diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php
--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -3189,6 +3189,7 @@
     'PhabricatorMailManagementUnverifyWorkflow' => 'applications/metamta/management/PhabricatorMailManagementUnverifyWorkflow.php',
     'PhabricatorMailManagementVolumeWorkflow' => 'applications/metamta/management/PhabricatorMailManagementVolumeWorkflow.php',
     'PhabricatorMailManagementWorkflow' => 'applications/metamta/management/PhabricatorMailManagementWorkflow.php',
+    'PhabricatorMailMustEncryptHeraldAction' => 'applications/metamta/herald/PhabricatorMailMustEncryptHeraldAction.php',
     'PhabricatorMailOutboundMailHeraldAdapter' => 'applications/metamta/herald/PhabricatorMailOutboundMailHeraldAdapter.php',
     'PhabricatorMailOutboundRoutingHeraldAction' => 'applications/metamta/herald/PhabricatorMailOutboundRoutingHeraldAction.php',
     'PhabricatorMailOutboundRoutingSelfEmailHeraldAction' => 'applications/metamta/herald/PhabricatorMailOutboundRoutingSelfEmailHeraldAction.php',
@@ -8674,6 +8675,7 @@
     'PhabricatorMailManagementUnverifyWorkflow' => 'PhabricatorMailManagementWorkflow',
     'PhabricatorMailManagementVolumeWorkflow' => 'PhabricatorMailManagementWorkflow',
     'PhabricatorMailManagementWorkflow' => 'PhabricatorManagementWorkflow',
+    'PhabricatorMailMustEncryptHeraldAction' => 'HeraldAction',
     'PhabricatorMailOutboundMailHeraldAdapter' => 'HeraldAdapter',
     'PhabricatorMailOutboundRoutingHeraldAction' => 'HeraldAction',
     'PhabricatorMailOutboundRoutingSelfEmailHeraldAction' => 'PhabricatorMailOutboundRoutingHeraldAction',
diff --git a/src/applications/herald/adapter/HeraldAdapter.php b/src/applications/herald/adapter/HeraldAdapter.php
--- a/src/applications/herald/adapter/HeraldAdapter.php
+++ b/src/applications/herald/adapter/HeraldAdapter.php
@@ -39,6 +39,7 @@
   private $edgeCache = array();
   private $forbiddenActions = array();
   private $viewer;
+  private $mustEncryptReasons = array();
 
   public function getEmailPHIDs() {
     return array_values($this->emailPHIDs);
@@ -1182,4 +1183,17 @@
     return $this->forbiddenActions[$action];
   }
 
+
+/* -(  Must Encrypt  )------------------------------------------------------- */
+
+
+  final public function addMustEncryptReason($reason) {
+    $this->mustEncryptReasons[] = $reason;
+    return $this;
+  }
+
+  final public function getMustEncryptReasons() {
+    return $this->mustEncryptReasons;
+  }
+
 }
diff --git a/src/applications/metamta/controller/PhabricatorMetaMTAMailViewController.php b/src/applications/metamta/controller/PhabricatorMetaMTAMailViewController.php
--- a/src/applications/metamta/controller/PhabricatorMetaMTAMailViewController.php
+++ b/src/applications/metamta/controller/PhabricatorMetaMTAMailViewController.php
@@ -175,6 +175,15 @@
       $properties->addProperty($key, $value);
     }
 
+    $encrypt_phids = $mail->getMustEncryptReasons();
+    if ($encrypt_phids) {
+      $properties->addProperty(
+        pht('Must Encrypt'),
+        $viewer->loadHandles($encrypt_phids)
+          ->renderList());
+    }
+
+
     return $properties;
   }
 
diff --git a/src/applications/metamta/herald/PhabricatorMailMustEncryptHeraldAction.php b/src/applications/metamta/herald/PhabricatorMailMustEncryptHeraldAction.php
new file mode 100644
--- /dev/null
+++ b/src/applications/metamta/herald/PhabricatorMailMustEncryptHeraldAction.php
@@ -0,0 +1,62 @@
+<?php
+
+final class PhabricatorMailMustEncryptHeraldAction
+  extends HeraldAction {
+
+  const DO_MUST_ENCRYPT = 'do.must-encrypt';
+
+  const ACTIONCONST = 'email.must-encrypt';
+
+  public function getHeraldActionName() {
+    return pht('Require secure email');
+  }
+
+  public function renderActionDescription($value) {
+    return pht(
+      'Require mail content be transmitted only over secure channels.');
+  }
+  public function supportsObject($object) {
+    return self::isMailGeneratingObject($object);
+  }
+
+  public function getActionGroupKey() {
+    return HeraldUtilityActionGroup::ACTIONGROUPKEY;
+  }
+
+  public function supportsRuleType($rule_type) {
+    return ($rule_type != HeraldRuleTypeConfig::RULE_TYPE_PERSONAL);
+  }
+
+  public function getHeraldActionStandardType() {
+    return self::STANDARD_NONE;
+  }
+
+  public function applyEffect($object, HeraldEffect $effect) {
+    $rule_phid = $effect->getRule()->getPHID();
+
+    $adapter = $this->getAdapter();
+    $adapter->addMustEncryptReason($rule_phid);
+
+    $this->logEffect(self::DO_MUST_ENCRYPT, array($rule_phid));
+  }
+
+  protected function getActionEffectMap() {
+    return array(
+      self::DO_MUST_ENCRYPT => array(
+        'icon' => 'fa-shield',
+        'color' => 'blue',
+        'name' => pht('Must Encrypt'),
+      ),
+    );
+  }
+
+  protected function renderActionEffectDescription($type, $data) {
+    switch ($type) {
+      case self::DO_MUST_ENCRYPT:
+        return pht(
+          'Made it a requirement that mail content be transmitted only '.
+          'over secure channels.');
+    }
+  }
+
+}
diff --git a/src/applications/metamta/herald/PhabricatorMetaMTAEmailHeraldAction.php b/src/applications/metamta/herald/PhabricatorMetaMTAEmailHeraldAction.php
--- a/src/applications/metamta/herald/PhabricatorMetaMTAEmailHeraldAction.php
+++ b/src/applications/metamta/herald/PhabricatorMetaMTAEmailHeraldAction.php
@@ -13,6 +13,10 @@
   }
 
   public function supportsObject($object) {
+    return self::isMailGeneratingObject($object);
+  }
+
+  public static function isMailGeneratingObject($object) {
     // NOTE: This implementation lacks generality, but there's no great way to
     // figure out if something generates email right now.
 
diff --git a/src/applications/metamta/storage/PhabricatorMetaMTAMail.php b/src/applications/metamta/storage/PhabricatorMetaMTAMail.php
--- a/src/applications/metamta/storage/PhabricatorMetaMTAMail.php
+++ b/src/applications/metamta/storage/PhabricatorMetaMTAMail.php
@@ -259,6 +259,15 @@
     return $this->getParam('mustEncrypt', false);
   }
 
+  public function setMustEncryptReasons(array $reasons) {
+    $this->setParam('mustEncryptReasons', $reasons);
+    return $this;
+  }
+
+  public function getMustEncryptReasons() {
+    return $this->getParam('mustEncryptReasons', array());
+  }
+
   public function setHTMLBody($html) {
     $this->setParam('html-body', $html);
     return $this;
diff --git a/src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php b/src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php
--- a/src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php
+++ b/src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php
@@ -71,6 +71,7 @@
   private $mailShouldSend = false;
   private $modularTypes;
   private $silent;
+  private $mustEncrypt;
 
   private $transactionQueue = array();
 
@@ -2549,6 +2550,13 @@
         $this->loadHandles($xactions);
 
         $mail = $this->buildMailForTarget($object, $xactions, $target);
+
+        if ($this->mustEncrypt) {
+          $mail
+            ->setMustEncrypt(true)
+            ->setMustEncryptReasons($this->mustEncrypt);
+        }
+
       } catch (Exception $ex) {
         $caught = $ex;
       }
@@ -3214,6 +3222,8 @@
         $adapter->getQueuedHarbormasterBuildRequests());
     }
 
+    $this->mustEncrypt = $adapter->getMustEncryptReasons();
+
     return array_merge(
       $this->didApplyHeraldRules($object, $adapter, $xscript),
       $adapter->getQueuedTransactions());
@@ -3558,6 +3568,7 @@
       'feedRelatedPHIDs',
       'feedShouldPublish',
       'mailShouldSend',
+      'mustEncrypt',
     );
   }