
Encrypting Your Emails with S/MIME

By Matt / April 22nd, 2020


Whether you're thinking about personal or business communication methods, one of the most important mediums continues to be email. In 2020, there are over 4 billion email users worldwide, and 306 billion emails get sent every single day. But, just because we're sending and receiving emails, it doesn't mean that those emails are always secure. In fact, email is the most popular way to infect a computer with malware, and email filters aren't able to catch all the spam and phishing emails that we get sent on a daily basis. So, the way we send emails becomes increasingly important, and that's where S/MIME comes in.
What is an S/MIME (Client) Certificate?
Let's start with understanding the acronym. S/MIME stands for Secure/Multipurpose Internet Mail Extensions. It's a universal web standard that's used to encrypt MIME data (otherwise known as emails). It was developed by RSA Data Security but has been adopted by the IETF (Internet Engineering Task Force) as the gold standard in email security.

S/MIME relies on a client certificate and asymmetric encryption, which uses two different keys that are related to one another: one private and one public.
How does it work?
S/MIME follows a process that's based on asymmetric encryption (also called Public Key Infrastructure) that focuses on encryption, authentication, and integrity through a digital signature.

With S/MIME your emails are signed digitally so that only the recipient of the email can read your message, and they know that the email came from you (and not someone pretending to be you). As the email moves from you to the recipient, encryption maintains the email's integrity, so that no unauthorised third party is able to access, intercept or in any way tamper with the data.

The role that the keys play in the process is integral to S/MIME:
  • When you send an email, it's encrypted by the recipient's public key.
  • When the email arrives in the recipient's inbox, it's decrypted using the private key.
This dual-key encryption means that it can't be intercepted at any point as it remains encrypted from start to finish. This process is called signing.
Why should you encrypt your emails?
The four primary benefits are:
1. Reduced likelihood of interception or intervention while the email is transiting from your account to the recipient.
2. Authentication for the recipient as your signature is attached to every email, so there is less opportunity for email spoofing and phishing attacks.
3. Email content privacy, which prevents Business Email Compromise (BEC) scams, as attackers are unable to access and read your email content.
4. Compliance with regulatory oversight: S/MIME is necessary if you want to comply with email standards across different industries such as the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), the U.S. Department of Defense's Defense Federal Acquisition Regulation Supplement (DFARS) and Payment Card Industry (PCI) standards.
How do you encrypt emails?
This is where it gets a bit more complicated. Although S/MIME is supported by most of the larger email clients, for it to work, both the recipient and the sender need to have S/MIME certificates installed to encrypt and decrypt each other's mails.

Here's how it works:
1. The first time you send an email to someone, you attach your digital signature as part of an unencrypted email.
2. Once the recipient (who also has to use S/MIME) has your digital signature, they can then reply to you with an encrypted email.
3. Providing they also attach their digital signature (something which is handled automatically by most email clients), you will be able to reply with an encrypted email.
4. You can now exchange encrypted emails back and forth.
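The exchange above carried out with the openssl command-line tool, as an added example that is not part of the original post. The correspondents alice and bob, their self-signed certificates and the two message texts are constructed for the demo; the comments note where a CA-issued certificate would change the commands.

```shell
#!/bin/sh
# Added example, not code from the original post: the four-step S/MIME exchange
# described above, driven with the openssl command-line tool. The parties
# (alice, bob), their self-signed certificates and the message texts are
# constructed for this demo; in real use each certificate is CA-issued and the
# CA certificate, not the peer's own certificate, is the -CAfile trust anchor.
set -eu

smime_roundtrip() {
  work=$(mktemp -d)

  # Each party needs a certificate (emailProtection EKU) and a private key.
  for who in alice bob; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$who" \
      -addext "subjectAltName=email:$who@example.com" \
      -addext "extendedKeyUsage=emailProtection" \
      -keyout "$work/$who.key" -out "$work/$who.crt" 2>/dev/null
  done

  # Step 1: Alice's first mail to Bob is signed but not encrypted; her
  # certificate travels inside the PKCS#7 signature.
  printf 'Hi Bob, this mail is signed only.\n' > "$work/msg1.txt"
  openssl smime -sign -in "$work/msg1.txt" -signer "$work/alice.crt" \
    -inkey "$work/alice.key" -out "$work/msg1_signed.eml"

  # Step 2: Bob verifies the signature against his trust anchor and keeps the
  # signer certificate (-signer on -verify writes it out to a file).
  openssl smime -verify -in "$work/msg1_signed.eml" -CAfile "$work/alice.crt" \
    -signer "$work/alice_from_sig.crt" -out /dev/null 2>/dev/null

  # Step 3: Bob signs his reply with his own key and encrypts it to the
  # certificate he just received from Alice (sign, then encrypt).
  printf 'Hi Alice, this reply is encrypted.\n' > "$work/msg2.txt"
  openssl smime -sign -in "$work/msg2.txt" -signer "$work/bob.crt" \
    -inkey "$work/bob.key" \
    | openssl smime -encrypt -aes256 -out "$work/msg2_encrypted.eml" "$work/alice_from_sig.crt"

  # Step 4: Alice decrypts with her private key, then verifies Bob's signature;
  # only the verified plaintext reaches stdout (S/MIME CRLF line endings removed).
  openssl smime -decrypt -in "$work/msg2_encrypted.eml" -recip "$work/alice.crt" \
    -inkey "$work/alice.key" \
    | openssl smime -verify -CAfile "$work/bob.crt" \
        -signer "$work/bob_from_sig.crt" 2>/dev/null \
    | tr -d '\r'

  rm -rf "$work"
}

smime_roundtrip
```

Each party ends up holding the other's certificate (alice_from_sig.crt, bob_from_sig.crt), which is exactly what a mail client stores after the first signed message so that later replies can be encrypted.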

Most of the leading desktop and mobile email clients support S/MIME. Some of the most popular clients include:
  • Outlook (Windows, iOS and Android)
  • Apple Mail
  • iPhone iOS Mail
  • Mozilla Thunderbird
  • Gmail
As with SSL Certificates, S/MIME certificates have a validity period, typically of 1 year, and have to be renewed.
Do I need S/MIME and should I offer it to my customers?
In large part this will depend on the importance of the emails you and your customers send. For anyone where the importance of establishing integrity, upholding privacy, preserving sensitive data and protecting against impersonation matters, S/MIME should be high on the list. S/MIME adoption is becoming more mainstream, and as hosting providers, it's a great additional tool to be able to offer your customers.
Where can I buy S/MIME certificates?
S/MIME certificates are available from most leading security brands that offer SSL Certificates, including the likes of DigiCert, Comodo and GlobalSign.
Questions
Do you have further questions about S/MIME? If so, we welcome you to ask questions in the comments box below.
