S/MIME stands for Secure/Multipurpose Internet Mail Extensions. This hybrid encryption technology secures email communication and counts as the leading email security standard worldwide – and not only in the business environment.
The public-key cryptographic system applied by S/MIME uses key pairs: a public and a private key. Each of these keys is unique. The sender and the recipient exchange the public keys in order to effectively encrypt emails.
The email sender uses the public key of the recipient to encrypt their email. The recipient is notified about whether the email is encrypted and/or signed and can then react accordingly.
The email message can only be decrypted with the private key of the recipient. The private key is only known to the user themselves in order to prevent data being compromised by third parties.
When preparing the email, the sender can add a signature generated by the private key. The recipient can check the signature by using the public key of the sender, which is known to them, thereby verifying that the message really does come from the sender. The sender is clearly and unequivocally verified by means of a signature.
S/MIME protects emails from being read, saved, manipulated or deleted by third parties.
Sensitive, confidential and internal data is transfered securely and in compliance with standards.
S/MIME authenticates the sender and content of emails, increasing data sovereignty.
S/MIME can be used for all email traffic as the default or manually on demand.
With S/MIME Class 1, sensitive data is effectively protected against manipulation in email communication and the integrity of the sender is verified.
The DigiCert S/MIME Premium certificate can be used to sign emails as well as documents. It also allows for the encryption of email communication.
The Digital Signature Plus certificate offers client authentication and allows clients to digitally sign emails. It also enables safe document signing.
GlobalSign PersonalSign Class 1 is the ideal S/MIME certificate for private and business email addresses. It ensures reliable end-to-end encryption.
PersonalSign Class 2 Pro is the fitting solution for protecting business emails. It allows document signing and can also be used for client authentication.
Personal S/MIME certificate is recommended for the encryption and signing of private emails. This allows users in non-business settings to encrypt emails.
S/MIME is, along with PGP, one of the most widely implemented solutions for email encryption and therefore highly compatible with diverse email clients and application systems. However, the exchange of key pairs is not possible if, for example, the recipient uses S/MIME and the sender uses PGP, as these systems are not compatible with each other.
S/MIME certificates from leading providers provide reliable and secure application and interoperability – also between email clients from providers with the largest market shares: Microsoft Outlook, Windows Mail, Mozilla Thunderbird, Apple Mail, etc. Technical hitches occur only in very rare cases.
In AutoDNS, you will find a wide range of S/MIME certificates from leading providers and for all use cases.
Before purchasing an S/MIME certificate, the following points should be clarified:
It is always a good idea to compare the performance and price of certificates provided by the different certificate authorities in order to find the suitable product for your profile requirements. Please feel free to request a personal consulation with our Partner Success Team. Our experts will help you find the perfect solution for your portfolio or project.
The price range of S/MIME certificates is wide, starting from around €15 up to about €250 per certificate and year. Decisive pricing factors include the provider, class and validation, along with the selected validity period. Some S/MIME certificates can be purchased with a validity period of up to 36 months. The price per year is often lower for validity periods longer than one year.
On request, SSL resellers can obtain discounts for higher volumes. Please see AutoDNS for a detailed price overview of the individual S/MIME certificates.
The S/MIME certificate i.e. the link for download is always sent to the respective email address that is specified in AutoDNS when ordering. The link is valid for 30 days. The installation is configured directly in the respective email client. Instructions for this can be found on the support pages provided by the email client.
S/MIME has many advantages:
If you would like more information about email security, please contact our Partner Success Team.
Certificate authorities, like DigiCert, GlobalSign or Sectigo, offer different S/MIME certificates. These differ according to the level of trust, the digitally proved right of ownership as well as the type of authentication used.
The various classes provide different security levels according to the requirements. You can find an overview of our certificates here.
Yes, an S/MIME certificate can be used on multiple computers and devices. In order to do this, the option to allow the export of the private key must be selected when first installing the certificate. This will allow the certificate to be imported by other devices. Instructions for this can be found on the support pages provided by the email client.
The signature and encryption of emails is carried out in the respective email clients. In order to activate encryption, a signed email must first be sent to the recipient, who in turn must reply with a signed email. After this, recipient and sender can send each other encrypted emails. This one-time exchange of keys must be carried out with all contacts in order to send encrypted email communication. The encryption and signing of emails is only possible is the recipient also has an S/MIME certificate.
Yes. The email header includes a symbol to indicate whether the email is encrypted (usually a lock) or signed (usually an envelope). By clicking on one of the symbols, further detailed information about the certificate and the certificate owner can be accessed.
Either the communication partners have not yet exchanged keys or one has not implemented an S/MIME certificate. Another reason could be that the contact has an old or incorrect key. In this case, you should delete the contact and the saved contact from the email client and add it again. If the problem persists, our Partner Success Team or Support will be happy to assist you.
When the content of an email is encrypted and signed with S/MIME but is incorrectly coded, an smime.p7s file is created. If the email is not automatically displayed as plain text, the settings in the mail program or a certificate i.e. key is required to decrypt the email.
S/MIME and PGP are based on public-key encryption. Both can be used to signed emails. Both can be used for end-to-end encryption of emails. However, with PGP, the public keys must be mutually signed and exchanged. With S/MIME technology, an infrastructure for certificates and publication is required that is often used in B2B (business-to-business) and B2C (business-to-customer) situations. A user controls the cryptographic key in S/MIME and can choose whether to use it or not for each individual message. Email programs, like Outlook, look for the location of a trustworthy CA (certificate authority) in order to carry out a digital signature and to verify this signature. While PGP, users mutually sign each others' public keys, this is carried out by a central certification authority with S/MIME. These authorities do not sign the public keys, but the certificates, as a certificate always includes the public key with the respective identity.
Please note that S/MIME and PGP are not compatible with each other. Recipients and senders using different technologies cannot exchange signed or encrypted emails. As S/MIME is highly compatible with leading email clients and the exchange of keys is somewhat easier than with PGP, the S/MIME technnology has established itself as the stronger industry standard. PGP, which is free of charge, is often used by tech-savvy people in a private environment, while companies and organizations are more likely to opt for S/MIME.
Data protection and security is increasingly gaining an important role in the EU as well as in other countries. In many economic sectors, sensitive and personal data must be processed on a daily basis and those who are subject to professional secrecy, like lawyers, doctors and psychologists, are often obligated to keep their communication confidential and secure. Since the introduction of the GDPR in Europe, using TLS/SSL encryption for websites has become mandatory. TLS stands for transport layer security and means that the transmission channel between two respective SMTP servers is encrypted. The actual emails are not encrpyted. An explicit legal requirement for using public-key encryption has not (yet) been imposed. However, many corporate groups and large companies include it in their compliance guidelines in order to meet data protection requirements when dealing with customer data and implement S/MIME as a standard for email security. Read our e-paper "Emails in business" to find out more about sending email communication in conformance with the GDPR.
Yes. Documents can also be signed with DigiCert S/MIME Premium.
There are also specific solutions for this – so-called document signing certificates. With Digital Signature Plus by DigiCert, for example, individuals, teams and organizations can add a digital signature to documents in a number of formats, allowing ownership to be clearly checked and verified. The digital signature is an encrypted has that can only be decrypted by someone who has a copy of the public key. This guarantees that the document has not been manipulated and that attached sensitive data is protected. Documents can also be signed in this way.
Do you have questions about the validation or implementation of certificates? Or do you want to conquer the market as an SSL reseller? Take advantage of the immense benefits we can offer you as a leading ISP. We will be happy to advise you.