In discussing the implementation of Secure Messaging on Unity 5, a question came up. If an encrypted message is forwarded by a user to someone outside our organization, and the recipient's organization also happens to use Unity with Secure Messaging enabled, will the recipient be able to listen to the message, or are the keys only usable for Unity systems within our AD?
No, the recipient will not be able to listen to the message. I haven't tested this scenario, but the only way for the encrypted message to leave the AD forest is via Outlook with ViewMail. If using VPIM, the message has to be decrypted before it is sent out via SMTP to the remote Unity system.
So back to Outlook... more than likely, the message properties that identify the message as a Unity voice message will get stripped off before the message is received by the recipient, in which case the recipient gets an email with a WAV attachment. When the recipient plays that, the recipient hears the decoy WAV file which says something like "This message is secure, and can only be played back through Cisco Unity clients..."
Even if by some fluke the message properties are retained and the remote Unity recognizes the message as a voice message, as you suspected, because the message was encrypted with a key on the remote Unity, that key is not available on the recipient's Unity to decrypt the message.