S/MIME is probably the most common standard procedure for secure email communication. This is mainly due to the underlying hierarchical trust structure. With this structure, electronic signatures can be checked automatically. One precondition is that the signature certificates are issued by a trustworthy certificate authority (CA).

By this automatic creation of trust, the public key (certificate) of the signatory can be included in the signature. This is required for verifying the integrity of the contents and the authenticity of the sender for incoming emails as well as for the encryption to the signatory for outgoing emails.

 

The CA and the certificate can be compared to a passport office and the passports issued by them.

If the SEPPmail Secure E-Mail Gateway does not know the issuing CA of a signature certificate, the root certificate of this CA is collected from the signature, and the administrator is notified. The administrator then decides whether the CA certificate and thus the certification authority is to be regarded as trustworthy in the future (semi-automatic procedure).

 

If the CA has already been deemed trustworthy, the SEPPmail Secure E-Mail Gateway collects the (valid) certificates of the communication partners when verifying the signatures so that they will be available for the subsequent encryption.

 

S/MIME is suitable for both personal and domain-specific (see Gateway-To-Gateway (Domain) Encryption) encryption.