New feature: mailbox.org introduces S/MIME in the webmailer
We are working constantly to strengthen the security of our users. As of now, S/MIME is supported as an additional security measure for the webmailer. With this new feature, users can encrypt their emails and use digital signatures to ensure the confidentiality, integrity and authenticity of their messages. In this blog article, we will explain the benefits of S/MIME and how you can use it on your mailbox.org account.
For business customers in particular, both the encryption of emails and the digital signature play a very important role. The introduction of S/MIME is therefore particularly relevant for corporate e-mail accounts. Business and private customers on the PREMIUM, STANDARD and LIGHT plans can use the new feature.
What is S/MIME and how does it contribute to email security?
What is S/MIME?
S/MIME (Secure/Multipurpose Internet Mail Extensions) is a security standard for the encryption and digital signature of emails. It enables the secure transmission of confidential information over the Internet and guarantees the authenticity and integrity of emails.
S/MIME is based on the public-key cryptosystem, in which each user has a pair of keys - a public key for encrypting messages and a private key for decrypting messages and creating digital signatures. The public key is passed on to other users, while the private key is kept secret.
The use of S/MIME offers several advantages:
- Confidentiality: Because emails are encrypted, only the intended recipient and sender can read the content.
- Integrity: The digital signature allows the recipient to check whether the message has been tampered with during transmission.
- Authenticity: The digital signature enables the recipient to verify the identity of the sender and ensure that the message actually comes from the person specified.
How S/MIME contributes to email security
With S/MIME, emails can be encrypted so that only the intended recipient can read the content. This provides protection against unauthorised access to confidential information during transmission. The message is encrypted with the recipient's public key and can only be decrypted with the recipient's private key.
Another contribution to security is the digital signature, which enables the recipient of an e-mail to check whether the message has been tampered with during transmission. The sender signs the e-mail with their private key. The recipient can then use the sender's public key to verify the signature and ensure that the message actually originates from the specified person and has not been altered.
S/MIME also contributes to authenticity. The digital signature allows the recipient to verify the identity of the sender and ensure that the message actually originates from the specified person. This is particularly important when it comes to confidential or business communications where the identity of the sender is crucial.
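The signature checks described above, run end to end with the openssl command line as an added example (not mailbox.org's code and not part of the original article). The test CA, the address alice@example.org, all keys and the message are constructed values; the third case shows that a signature made with a self-created certificate does not verify for a recipient who trusts only the CA.

```bash
#!/usr/bin/env bash
# Added example: S/MIME signing, verification and tamper detection with openssl.
# Every name, address, key and message here is a constructed test value.

verify_msg() {  # usage: verify_msg <label> <file>; prints label=valid|invalid
  if openssl smime -verify -in "$2" -CAfile ca.crt -out /dev/null 2>/dev/null
  then echo "$1=valid"; else echo "$1=invalid"; fi
}

smime_demo() {
  local dir; dir=$(mktemp -d) || return 1
  (
    cd "$dir" || exit 1
    # Constructed test CA, standing in for a certification authority.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
      -keyout ca.key -out ca.crt 2>/dev/null || exit 1
    # Sender key pair plus a certificate for the address, issued by that CA.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Alice" \
      -keyout alice.key -out alice.csr 2>/dev/null || exit 1
    printf 'subjectAltName=email:alice@example.org\nextendedKeyUsage=emailProtection\n' > ext.cnf
    openssl x509 -req -in alice.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
      -extfile ext.cnf -days 1 -out alice.crt 2>/dev/null || exit 1
    # Self-created certificate for the same person, with no CA behind it.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Alice" \
      -keyout self.key -out self.crt 2>/dev/null || exit 1

    printf 'Invoice total: 100 EUR\n' > msg.txt
    # The sender signs with the private key; the certificate travels with the mail.
    openssl smime -sign -text -in msg.txt -signer alice.crt -inkey alice.key \
      -out signed.eml 2>/dev/null || exit 1
    openssl smime -sign -text -in msg.txt -signer self.crt -inkey self.key \
      -out selfsigned.eml 2>/dev/null || exit 1
    # Change one digit of the signed body, leaving the signature untouched.
    sed 's/100 EUR/900 EUR/' signed.eml > tampered.eml

    # The recipient trusts only the CA and checks each message against it.
    verify_msg original signed.eml
    verify_msg tampered tampered.eml
    verify_msg self_created selfsigned.eml
  )
  local rc=$?
  rm -rf "$dir"
  return $rc
}

smime_demo
```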
The difference between S/MIME and PGP
S/MIME and PGP (Pretty Good Privacy) or GPG (GNU Privacy Guard) are two different standards for securing emails.
Both S/MIME and PGP/GPG offer encryption and digital signatures for emails. However, the main difference lies in the way they are implemented and how they are used.
S/MIME is closely linked to X.509 certificates issued by certification authorities. These certificates contain the user's public key and enable verification of the sender's identity and encryption of messages. S/MIME is integrated into many email clients and services and usually requires certificates to be set up and managed.
PGP and GPG, on the other hand, use a web-of-trust model where users can create their own key pairs and sign the public keys. This enables verification of the sender's identity and encryption of messages. PGP and GPG are usually open-source software and require the installation of a separate program or plugin. They are not as widely used as S/MIME but offer greater flexibility and control over the encryption process.
Another difference is that S/MIME is integrated directly into the email client and does not normally require any additional software installation. PGP and GPG, on the other hand, require the use of a separate program or plugin to perform the encryption and digital signature.
It is also important to note that S/MIME and PGP/GPG differ in how keys are certified and managed. S/MIME is based on the X.509 standard for certificates, while PGP/GPG uses the web-of-trust model.
In terms of security, both S/MIME and PGP/GPG offer strong encryption and digital signatures. The choice between the two depends on individual requirements, the level of control and trust in the certification authorities.
Supported S/MIME certificates in the mailbox.org webmailer
To use S/MIME, a valid certificate is required for each address. The following certificates are supported:
- Volksverschlüsselung
- Thawte
- VeriSign
- DigiCert
- and over 100 other certificates from other providers. You can find out more in our knowledge base.
Attention: Self-created certificates are not accepted!
S/MIME for mailbox.org business and private customers
Setting up S/MIME in the mailbox.org webmailer
To set up S/MIME, you need a separate certificate for each e-mail address (and each alias), which you can upload in the webmailer.
To set it up in an external email client (e.g. Thunderbird, Outlook or Mail App), the certificate must be stored there separately.
Find out more about setting up S/MIME in our knowledge base.
Using S/MIME in the mailbox.org webmailer
There is a new button for using S/MIME, which is simply selected when sending the email. When receiving S/MIME-signed emails, please note that only the certificates listed above are supported.