Just to set the record straight on mail encryption...
First of all, the answer that you came up with was correct. I am using Domino 5.08 and Notes 5.08 just to be clear; earlier version of Domino/Notes may function differently. The way the encryption works is based on the private key in the users id file. If a user has been sent encrypted mail or sends encrypted mail than ONLY the sender or recipient will be able to view the mail, delegation has no effect on this. If you the user loses the id file for whatever reason and it cannot be restored and it needs to be re-created, then the encrypted mail will no longer be readable as the private key in the id file will be different.
I do however have to disagree with some of grier's comments. The manager ACL right is given to the creator of the file, not the first person to access it. When using the registration process, the owner of the mail file is automatically set to the user that it is being created for, and the ACL level to the mail file is also set at the time of registration - for security, this should probably be set to designer, but issues may arise that require otherwise.
The mail files' user has to be set as manager for delegation to work immediately, as no other ACL level with allow ACL changes (which is how delegation works). If it it set to something other that manager (designer or editor) the the delegation ACL changes are carried out via the admin process on a schedule). Any users that are added to the ACL through delegation are given the "user type" of "Unspecified". Delegation works as follows: "Read Mail, Calendar and To Do documents" gives the delegatee reader access (read public documents). "Read Mail, Calendar and TO Do documents, and send Mail on my behalf" gives the delegatee Author access with Create documents (this may sound funny to have Create documents as another level on Author, but that is how the ACL works). "Read, send and edit any Mail, Calendar and To Do document" gives Editor access. "Delete Mail, Calendar and To Do documents" gives Author with Create Documents and Delete documents, it also puts the delegatee in the "Read Mail, Calendar and To Do documents, and send Mail on my behalf" group.
Changing the mail file owner with the 'this mail file belongs to' field does not change the ACL at all, as far as i can see it changes the fields that shows who the mail is sent from and does not allow deligation to take place unless you have manager rights to the database, it also only allows the 'owner' or a manager (in the ACL) to change the field.
Assume designer access; if you are the 'owner' of the mail and you change the delegation and then shortly after, change the 'owner', the delegation will go through first as it would be queued for the admin process before the 'owner' change.