S/MIME is a certificate-based encryption solution that allows you to both encrypt and digitally sign a message. The message encryption helps ensure that only the intended recipient can open and read the message. A digital signature helps the recipient validate the identity of the sender.
Both digital signatures and message encryption are made possible through the use of unique digital certificates that contain the keys for verifying digital signatures and encrypting or decrypting messages.


To use S/MIME, you must have public keys on file for each recipient. Recipients have to maintain their own private keys, which must remain secure. If a recipient's private keys are compromised, the recipient needs to get a new private key and redistribute public keys to all potential senders.

What does it do? 

S/MIME addresses sender authentication with digital signatures, and message confidentiality with encryption. 

What does it not do? 

S/MIME doesn't allow encrypted messages to be scanned for malware, spam, or policies.


Recommendations and example scenarios 

We recommend using S/MIME when either your organization or the recipient's organization requires true peer-to-peer encryption.

S/MIME is most commonly used in the following scenarios:

  • Government agencies communicating with other government agencies
  • A business communicating with a government agency