Better safe than sorry. Safeguard your email correspondence against manipulation with S/MIME certificates. Encryption and signatures provide comprehensive email protection.

How does S/MIME work?

Public-key cryptography

The public-key cryptographic system applied by S/MIME uses key pairs: a public and a private key. Each of these keys is unique. The sender and the recipient exchange the public keys in order to effectively encrypt emails.

More email security. With S/MIME.

icon lock
Security

S/MIME protects emails from being read, saved, manipulated or deleted by third parties.

icon eye off
Data protection

Sensitive, confidential and internal data is transfered securely and in compliance with standards.

icon badge
Authenticity

S/MIME authenticates the sender and content of emails, increasing data sovereignty.

icon settings mit zahnrad
Configurable

S/MIME can be used for all email traffic as the default or manually on demand. 

S/MIME classification & validation.

Class 1
Lock

Domain validation (DV)

Class 2
Lock

Organization validation (OV)

Class 3
Lock

Extended validation (EV)

Performance
Domain validation (DV)
  • encrypts email traffic
  • email signing possible
  • proves ownership of email address
  • for use in private environment
Organization validation (OV)
  • secure email encryption
  • email signing possible
  • includes name, email address and signature of sender
  • proves ownership of the email address, verifies identity and/or confirms the existence of the specified organization of the sender 
  • recommended for representing individuals and individuals representing an organization
Extended validation (EV)
  • secure email encryption
  • email signing possible
  • includes name, email address and signature of sender and confirms affliation of person with a company
  • proves ownership of the email address, verifies identity and/or confirms the existence of the specified organization of the sender 
  • recommended for individuals who represent an organization or a department 
Validation
Domain validation (DV)
  • via email
Organization validation (OV)
  • via email
  • copy of identification document
  • proof of listing in commercial registry and/or validation per telephone using number from public directory 
Extended validation (EV)
  • via email
  • copy of identification document
  • proof of listing in commercial registry
  • validation of person's affiliation with specified company using number from public directory and/or verification image of person holding identification document 

We work with all leading certificate authorities.

Discover our S/MIME solutions.

Compatibility & interoperability.
Is the application of S/MIME reliable?

S/MIME certificates count as the global technology standard for encrypting and signing emails. They are supported by mail clients like Windows Mail, Outlook, Apple Mail, Thunderbird, Lotus Notes, Mulberry Mail and more.

Compatibility.

S/MIME is, along with PGP, one of the most widely implemented solutions for email encryption and therefore highly compatible with diverse email clients and application systems. However, the exchange of key pairs is not possible if, for example, the recipient uses S/MIME and the sender uses PGP, as these systems are not compatible with each other. 

Interoperability.

S/MIME certificates from leading providers provide reliable and secure application and interoperability – also between email clients from providers with the largest market shares: Microsoft Outlook, Windows Mail, Mozilla Thunderbird, Apple Mail, etc. Technical hitches occur only in very rare cases. 

Buy and manage S/MIME certificates.

In AutoDNS, you will find a wide range of S/MIME certificates from leading providers and for all use cases. 

  • One platform for all certificates
  • Certificate wizard and CSR generator
  • Price advantages with Multi-year Plan 
  • API for easy implementation

Create account
Buy S/MIME certificates in AutoDNS mockup with basket

S/MIME.
Supporting documents. 

FAQ.

Before purchasing an S/MIME certificate, the following points should be clarified:

  • Is the S/MIME certificate required to protect private emails? Or will it be implemented in a company?
  • Is the validation level, and therefore also the level of trust, important for your customers?  
  • Is authentication by email sufficient?
  • Or should a higher trust and validation level be used in order to preserve the integrity and authenticity of the company?
  • Are you purchasing the S/MIME certificate for your own company?
  • Or are you reselling it to another company? 

It is always a good idea to compare the performance and price of certificates provided by the different certificate authorities in order to find the suitable product for your profile requirements. Please feel free to request a personal consulation with our Partner Success Team. Our experts will help you find the perfect solution for your portfolio or project.

The price range of S/MIME certificates is wide, starting from around €15 up to about €250 per certificate and year. Decisive pricing factors include the provider, class and validation, along with the selected validity period.  Some S/MIME certificates can be purchased with a validity period of up to 36 months. The price per year is often lower for validity periods longer than one year. 
On request, SSL resellers can obtain discounts for higher volumes. Please see AutoDNS for a detailed price overview of the individual S/MIME certificates.

The S/MIME certificate i.e. the link for download is always sent to the respective email address that is specified in AutoDNS when ordering. The link is valid for 30 days. The installation is configured directly in the respective email client. Instructions for this can be found on the support pages provided by the email client.

S/MIME has many advantages:

  • S/MIME provides effective protection against phishing, spoofing and social engineering.
  • S/MIME secures the email communication of individuals, organizations or companies. 
  • S/MIME protects the transmission and content of emails that are transfering sensitive and personal data.
  • Depending on the validation, the trust and security level is clearly visible for users and communication partners.
  • The email sender can be clearly and unequivocally verified by adding a signature. 

If you would like more information about email security, please contact our Partner Success Team.

Certificate authorities, like DigiCert, GlobalSign or Sectigo, offer different S/MIME certificates. These differ according to the level of trust, the digitally proved right of ownership as well as the type of authentication used.

  • Trust level 1 offers a high level of security, is intended for use in a personal environment and is authenticated per email.
  • Trust level 2 requires a more stringent identity check. Validation includes checking that the email address exists, that the company has control over the domain and that the company is listed in the commercial registry. Class 2 certificates also include the company name and are therefore more trustworthy than Class 1 certificates.
  • Trust level 3 offers the highest level of security and is intended for companies and corporations that must meet the highest IT security standards and compliance guidelines. Apart from authentication of the email address, the commercial registry listing is verified and the company is checked with a call using a number from the public directory.

The various classes provide different security levels according to the requirements. You can find an overview of our certificates here.  

Yes, an S/MIME certificate can be used on multiple computers and devices. In order to do this, the option to allow the export of the private key must be selected when first installing the certificate. This will allow the certificate to be imported by other devices. Instructions for this can be found on the support pages provided by the email client.

The signature and encryption of emails is carried out in the respective email clients. In order to activate encryption, a signed email must first be sent to the recipient, who in turn must reply with a signed email. After this, recipient and sender can send each other encrypted emails. This one-time exchange of keys must be carried out with all contacts in order to send encrypted email communication. The encryption and signing of emails is only possible is the recipient also has an S/MIME certificate.

Yes. The email header includes a symbol to indicate whether the email is encrypted (usually a lock) or signed (usually an envelope). By clicking on one of the symbols, further detailed information about the certificate and the certificate owner can be accessed.

Either the communication partners have not yet exchanged keys or one has not implemented an S/MIME certificate. Another reason could be that the contact has an old or incorrect key. In this case, you should delete the contact and the saved contact from the email client and add it again. If the problem persists, our Partner Success Team or Support will be happy to assist you.

When the content of an email is encrypted and signed with S/MIME but is incorrectly coded, an smime.p7s file is created. If the email is not automatically displayed as plain text, the settings in the mail program or a certificate i.e. key is required to decrypt the email.

S/MIME and PGP are based on public-key encryption. Both can be used to signed emails. Both can be used for end-to-end encryption of emails. However, with PGP, the public keys must be mutually signed and exchanged. With S/MIME technology, an infrastructure for certificates and publication is required that is often used in B2B (business-to-business) and B2C (business-to-customer) situations. A user controls the cryptographic key in S/MIME and can choose whether to use it or not for each individual message. Email programs, like Outlook, look for the location of a trustworthy CA (certificate authority) in order to carry out a digital signature and to verify this signature. While PGP, users mutually sign each others' public keys, this is carried out by a central certification authority with S/MIME. These authorities do not sign the public keys, but the certificates, as a certificate always includes the public key with the respective identity.

Please note that S/MIME and PGP are not compatible with each other. Recipients and senders using different technologies cannot exchange signed or encrypted emails. As S/MIME is highly compatible with leading email clients and the exchange of keys is somewhat easier than with PGP, the S/MIME technnology has established itself as the stronger industry standard. PGP, which is free of charge, is often used by tech-savvy people in a private environment, while companies and organizations are more likely to opt for S/MIME.

Data protection and security is increasingly gaining an important role in the EU as well as in other countries. In many economic sectors, sensitive and personal data must be processed on a daily basis and those who are subject to professional secrecy, like lawyers, doctors and psychologists, are often obligated to keep their communication confidential and secure. Since the introduction of the GDPR in Europe, using TLS/SSL encryption for websites has become mandatory. TLS stands for transport layer security and means that the transmission channel between two respective SMTP servers is encrypted. The actual emails are not encrpyted. An explicit legal requirement for using public-key encryption has not (yet) been imposed. However, many corporate groups and large companies include it in their compliance guidelines in order to meet data protection requirements when dealing with customer data and implement S/MIME as a standard for email security. Read our e-paper "Emails in business" to find out more about sending email communication in conformance with the GDPR. 

Yes. Documents can also be signed with DigiCert S/MIME Premium.

There are also specific solutions for this – so-called document signing certificates. With Digital Signature Plus by DigiCert, for example, individuals, teams and organizations can add a digital signature to documents in a number of formats, allowing ownership to be clearly checked and verified. The digital signature is an encrypted has that can only be decrypted by someone who has a copy of the public key. This guarantees that the document has not been manipulated and that attached sensitive data is protected. Documents can also be signed in this way. 

Become our partner.

Do you have questions about the validation or implementation of certificates? Or do you want to conquer the market as an SSL reseller? Take advantage of the immense benefits we can offer you as a leading ISP. We will be happy to advise you.