In the CRL section of the S/MIME certificates panel you can view the public CRL - Certificate Revocation List. Every trust authority maintains a list of certificates that are no longer valid for some reason. Such a list is called a "Certificate Revocation List" (CRL). The URL to the list is embedded in the certificate. The CRL of each trust authority known by the DME system is listed here. The CRL is checked automatically when a certificate is found in an e-mail sent to the DME system.
If the DME server succeeds in looking up the CRL, and the certificate is found in the CRL, the message is rejected.
The DME may be unable to look up the CRL for some reason (such as bad URL specified in certificate, spelling error, or connection error). A setting called Accept certificate even if CRL lookup fails in the Collaboration section of the Server configuration panel specifies whether the certificate (and, by extension, the message) should be accepted even if the DME server could not reach the CRL. See Collaboration.
If you let the mouse pointer rest on the CRL source URL, information about the CRL issuer is displayed in a pop-up information box.