What is S/MIME? (original) (raw)

Last Updated : 23 Jul, 2025

S/MIME stands for Secure/Multipurpose Internet Mail Extensions. Through encryption, S/MIME offers protection for business emails. S/MIME comes under the concept of Cryptography. S/MIME is a protocol used for encrypting or decrypting digitally signed E-mails. This means that users can digitally sign their emails as the owner(sender) of the e-mail.

Emails could only be sent in NVT 7-bit format in the past, due to which images, videos, or audio were not a part of e-mail attachments. Bell Communications launched the MIME standard protocol in 1991 to increase the email's restricted functionality. S/MIME is an upgrade of MIME (Multipurpose Internet Mail Extensions). Due to the limitations of MIME, S/MIME came into play. S/MIME is based on asymmetric cryptography which means that communications can be encrypted or decrypted using a pair of related keys namely public and private keys.

How S/MIME Works

S/MIME enables non-ASCII data to be sent using Secure Mail Transfer Protocol (SMTP) via email. Moreover, many data files are sent, including music, video, and image files. This data is securely sent using the encryption method. The data which is encrypted using a public key is then decrypted using a private key which is only present with the receiver of the E-mail. The receiver then decrypts the message and then the message is used. In this way, data is shared using e-mails providing an end-to-end security service using the cryptography method.

**Advantages of S/MIME

1. It offers verification.
2. It offers integrity to the message.
3. By the use of digital signatures, it facilitates non-repudiation of origin.
4. It offers seclusion.
5. Data security is ensured by the utilization of encryption.
6. Transfer of data files like images, audio, videos, documents, etc. in a secure manner.

**Services of S/MIME

S/MIME (Secure/Multipurpose Internet Mail Extensions) is used to secure email communication by providing encryption, authentication and digital signatures. Here are some real-life applications:

1. **Corporate Email Security: Protects sensitive business communications, ensuring confidentiality and authenticity through digital signatures and encryption.
2. **Government Agencies: Secures communication of classified information and validates legal documents.
3. **Legal Sector: Secures legal document exchanges and provides digital signatures for authenticity.
4. **Cross-Border Communication: Secures international business and government communication.
5. **Personal Email Security: Individuals use S/MIME to secure personal communications and private data.
6. **Cybersecurity: Helps prevent phishing and email spoofing by verifying the authenticity of emails.

Versions of S/MIME Versions

• 1st Version: 1995
• 2nd Version: 1998
• 3rd Version: 1999

Microsoft products that support the third version of S/MIME:-

• Microsoft Outlook 2000 and more ( SR-1 ).
• Outlook Express 5.01 and later.
• Microsoft Exchange version 5.5 and later.

How to Get S/MIME Certificates

The following are steps to have S/MIME certificates for securing your emails:

• **Choose a Certificate Authority: You can select any trusted Certificate Authority, such as Sectigo, DigiCert, or GlobalSign, that has the functionality to provide you with S/MIME certificates. Most of these Certificate Authorities provide both free and paid versions according to one's needs.
• **Get or Apply for a Certificate: Log on to the website of the CA, and select the S/MIME certificate you would like to buy or apply for. You might be asked for your name, email address, and organizational details.
• **Validate Your Identity: The CA may request you to validate your identity before issuing the certificate. It could be in the form of email verification, sending official documents, or other means of authentication.
• **Download and install the certificate: If your identity can be verified, then a CA issues your certificate. Instructions will be provided about downloading/installing the certificate into your email client say, Outlook or Apple Mail.
• **Configuration of Your Email Client: Configure your email client to use the S/MIME certificate for encrypting and digitally signing all of your messages upon installation. Typically, this step is different for various clients. However, in general, you will need to pick the certificate within the security settings.
• **Test Your Setup: At a minimum, you will have to send an email to test that everything works fine with both encryption and digital signing.

**New S/MIME Requirements in 2024

There was large number of modifications happened in the way S/MIME certificates are issued after 2023. Many of these changes result from new S/MIME Baseline Requirements from the CA/Browser Forum.

• **New Intermediate CA Certificates: Certificate authorities, including DigiCert, have migrated to new intermediate CA certificates in order to stay compliant with baseline requirements. This transition is said to be an improvement in security and trust.
• **Mailbox validation: To get an S/MIME certificate for a shared email address, such as Gmail or Outlook, it requires mailbox validation in order to have a greater degree of control over the email account.
• **Organization Units (OUs) Removed: Public S/MIME Certificates no longer support the use of Organization Units for public S/MIME certificates, newly-issued to simplify the structure of the certificate and to increase security.
• **Email Address in SAN: Please add the email address in the SAN field of the helping certificate for better identification.
• **Updated OIDs for certificate policy: The object identifiers for the relevant certificate policies have been updated to accommodate the new S/MIME Baseline Requirements.