Email security

S/MIME: Everything you need to know

In simplified terms, the recipient has a public key and a private key. They provide the sender with the public key, which encrypts the message. Decryption can only then occur with the private key that remains in the recipient's sole possession. Cryptography works in a way that means it's practically impossible for anyone to figure out the private key simply by having access to the public key.

Although we use the term "keys," a better physical analogy would be the recipient posting a box with a unique padlock to the sender. The recipient then puts a letter in the box, shuts the padlock, and returns it to the recipient. The key to the padlock never leaves the recipient.

S/MIME also uses keys to sign messages digitally. In this case, the sender uses their private key to add a digital signature. Then, the recipient can use the sender's public key to verify the signature.

Why a business should use S/MIME

The various features of S/MIME bring several advantages for businesses. However, you'll need to use both the encryption and digital signature elements to enjoy all of the advantages.


Knowing a message is genuinely from the legitimate sender mitigates several business risks. It helps avoid malicious false messages such as fake orders or bogus information targeted to disrupt a business. It also helps reduce the risk of phishing scams that would otherwise succeed when a message looks legitimate. Some businesses use S/MIME for internal messages for this reason.


S/MIME encryption lets businesses send sensitive messages with the same confidence with which web users access personal information, such as health or financial data on secure websites.

Data integrity

The way S/MIME creates and handles digital signatures means the signature is only valid as long as the message's content remains unchanged. If anyone tampers with the message in transit, it invalidates the signature and thus exposes the tampering. This exposure helps tackle cybercrime tactics such as intercepting messages and altering website addresses or bank payment details before relaying the message to the intended recipient.

The S/MIME encryption offers an extra level of detection for any message tampering. Again, any alteration to the message in transit will invalidate the encryption and thus raise the alarm.


Proving somebody sent a message works both ways: it means the sender cannot deny sending a message later on. This proof is particularly useful with any message that acts as a formal or informal contract. Nonrepudiation means both sides can rely on the emails as legally binding and have the confidence to proceed with their contractual obligations.

How to enable S/MIME?

Activating S/MIME depends on the email provider you’re using. For example, if you’re using Microsoft Outlook, the process looks like this:

  1. Obtain a certificate from your helpdesk or IT administrator
  2. Click on Settings > Mail > S/MIME; look for the phrase, “To install it, click here,” and then click that link
  3. You’ll be prompted to “Run” or “Save” the file -- depending on your browser, you’ll either click “Run” or “Open” to continue the installation
  4. Internet Explorer Users: A question will prompt asking you if you trust the domain -- select “Yes.”

If you’re using Chrome, you might receive an error message indicating that S/MIME isn’t configured to work with the current domain. If that error message appears, go to your browser settings and add a S/MIME extension.

Complete activation by closing and re-opening Outlook. You must complete this action before using the S/MIME control.

Found this article useful? Check out our knowledge hub for everything else you need to know about email encryption.


What are the S/MIME features?

Messages remain confidential in transit, and verification of the sender's identity occurs. Alteration of neither the message's content nor the stated identity of the sender can occur in transit without easy detection.

Is S/MIME necessary?

Any business that sends confidential messages or would be at risk from either message tampering or falsified identity needs both encryption and sender verification. S/MIME is arguably the best way to get both these benefits in a protocol that suits the practical requirements of email.

What are the two main purposes of S/MIME?

  • To encrypt the content of email messages in a way that only the intended recipient can decrypt.
  • To confirm the sender's identity through a digital signature and, in turn, confirm the message is authentic.

You might also be interested in ...

What is encrypted email?

Encrypted email should be a key part of every business' cybersecurity strategy. Find everything you need to know here.

Network Encryption

Network layer encryption involves encrypting data as it is sent from one node, and decrypting it on arrival at another. When done correctly this approach plays a valuable role in the “defense in-depth” approach to security by adding a vital layer of encryption on data at the network layer.

Real-world email security – is TLS the answer?

Traditional message encryption protocols such as PGP have often thrown up barriers for both sender and recipient. They remain too technical and complex for the average user, resulting in potentially low adoption rates.