
Tech Deep Dive

MIME vs S/MIME: secure email standards

Discover what MIME and S/MIME are, their differences, their internal structure, and the alternatives for protecting email in the context of cyber security.

Multipurpose Internet Mail Extensions

Table of contents

  • What is MIME?
  • What is S/MIME?
  • Differences between MIME and S/MIME
  • MIME structure explained
  • The technical structure of S/MIME
  • Limitations and Compatibility Issues
  • Alternatives to S/MIME

Protecting email communications is more critical than ever. Two key standards in this area are MIME and S/MIME—often misunderstood or confused, but fundamentally different in purpose.

This article explores what they are, how they work, their technical structure, the differences between them, and some viable alternatives for email protection.

What is MIME?

MIME (Multipurpose Internet Mail Extensions) is an Internet standard defined in RFC 2045–2049 that extends the original SMTP protocol to support multimedia and multilingual email content.

Why was MIME created?

Until the early 1990s, SMTP only handled plain text messages. This severely limited modern communication: no support for images, documents, formatting, or non-Latin alphabets. MIME was designed to overcome these limitations and carry:

  • Attachments (images, documents, audio)
  • HTML formatting
  • Non-English character sets (like Chinese, Arabic, Cyrillic)

MIME solves all of that by introducing:

  • Content typing
  • Character encoding
  • Multipart messages

MIME structure explained

A MIME message is composed of:

  • Headers: describe the MIME version, boundaries, content types
  • Body parts: each with its own encoding and content type
  • Boundaries: special delimiters separating each content section

Example of MIME headers:

MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="ABC123"

Body of the email:

--ABC123
Content-Type: text/plain; charset="utf-8"

This is the plain text message body.

--ABC123
Content-Type: text/html; charset="utf-8"

<html><body><p><strong>HTML Email</strong></p></body></html>

--ABC123
Content-Type: application/pdf
Content-Disposition: attachment; filename="document.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQKJcfs... (Base64 content)

--ABC123--

This message includes plain text, HTML content, and a PDF attachment, each separated by a boundary marker (--ABC123).

MIME email example in Python

Using Python’s built-in email module, we can construct a MIME email like this:

import smtplib
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from email.mime.application import MIMEApplication

msg = MIMEMultipart()
msg['From'] = 'sender@example.com'
msg['To'] = 'receiver@example.com'
msg['Subject'] = 'MIME Email Example'

# Plain text
text = MIMEText('This is the plain text part.', 'plain', 'utf-8')
msg.attach(text)

# HTML
html = MIMEText('<html><body><h2>This is HTML</h2></body></html>', 'html', 'utf-8')
msg.attach(html)

# PDF attachment
with open('document.pdf', 'rb') as f:
    attachment = MIMEApplication(f.read(), _subtype='pdf')
    attachment.add_header('Content-Disposition', 'attachment', filename='document.pdf')
    msg.attach(attachment)

# Send (optional)
# with smtplib.SMTP('smtp.example.com') as server:
#     server.send_message(msg)

What is S/MIME?

S/MIME (Secure/Multipurpose Internet Mail Extensions) is an extension of the MIME standard that adds digital signatures and encryption to email messages. Developed by RSA Data Security in 1995, it is now defined in RFC 5751 and widely used in corporate and governmental communications.

What does S/MIME provide?

It relies on:

  • X.509 certificates
  • A Public Key Infrastructure (PKI)

S/MIME ensures:

  • Authentication
    Via digital signatures using the sender’s private key
  • Integrity
    Detects unauthorized message tampering
  • Confidentiality
    Protects message content using encryption

How does S/MIME work?

  1. The sender signs the message using their private key
  2. The message is encrypted using the recipient’s public key
  3. The recipient decrypts the message using their private key

This guarantees end-to-end security, making the message unreadable to intermediaries.

S/MIME message header example

Content-Type: application/pkcs7-mime; smime-type=enveloped-data;
 name="smime.p7m"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7m"

The smime.p7m file contains the encrypted MIME message packaged in PKCS#7 format, encoded in Base64.

Real-world example using OpenSSL

Step 1: Generate a test certificate

openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out cert.pem

Step 2: Encrypt a message

openssl smime -encrypt -in message.txt -out encrypted.p7m -outform DER cert.pem

To sign a message

openssl smime -sign -in message.txt -signer cert.pem -inkey key.pem -out signed.p7s -outform DER

Requirements for using S/MIME

  • A valid X.509 certificate from a Certificate Authority (CA)
  • A compatible email client (e.g., Outlook, Apple Mail)
  • Key exchange to share public certificates

Pros and cons of S/MIME

Pros:

  • Strong cryptographic protection
  • Email authenticity and integrity
  • Works with many enterprise email systems

Cons:

  • Requires complex certificate management
  • Not supported by default in most webmail services (e.g., Gmail)
  • Limited support on mobile devices

Differences between MIME and S/MIME

The key difference is that MIME formats email content, while S/MIME secures it.

| Feature | MIME | S/MIME |
|---|---|---|
| Purpose | Formatting | Security (encryption + digital signature) |
| Standard | RFC 2045-2049 | RFC 5751 |
| Protection | None | Confidentiality and authentication |
| Requirements | None | X.509 certificates + PKI |
| File extensions | None | .p7s (signature), .p7m (encrypted message) |

MIME is the foundation of modern email. S/MIME is optional, but highly recommended in environments demanding secure communication, such as government, legal, healthcare, and enterprise contexts.

MIME structure explained

A MIME-compliant email is composed of a structured format that allows the inclusion of multiple types of content—such as text, HTML, and file attachments—in a single email. This structure is the foundation of modern email communication.

1. MIME Headers

Key headers include:

  • MIME-Version: 1.0 → indicates MIME format
  • Content-Type → describes the content type (e.g., text/plain, text/html, multipart)
  • Content-Disposition → defines how the part should be handled (inline or attachment)
  • Content-Transfer-Encoding → indicates how the part is encoded (e.g., Base64)

2. Email Body

The body can contain:

  • Simple plain text
  • HTML content
  • Binary attachments
  • Or a multipart format that combines several parts

The most common multipart types:

  • multipart/alternative → plain text + HTML
  • multipart/mixed → message body + attachments
  • multipart/related → HTML with embedded images

3. Boundary

The boundary is a unique delimiter that separates the parts of a multipart message. It’s defined in the Content-Type header.

Example:

Content-Type: multipart/alternative; boundary="XYZ"

4. Encoding

Binary or non-ASCII content (like HTML or attachments) must be Base64-encoded to be compatible with email protocols.

Complete MIME structure example

MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="XYZ"

--XYZ
Content-Type: text/plain; charset="utf-8"

This is the plain text version of the email.

--XYZ
Content-Type: text/html; charset="utf-8"

<html><body><p>This is the <b>HTML</b> version of the email.</p></body></html>

--XYZ--

This format allows email clients to choose which version to display—plain text for compatibility, or HTML for visual richness.

Python example: multipart/alternative email

from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

msg = MIMEMultipart('alternative')
msg['Subject'] = 'Email with text and HTML'
msg['From'] = 'sender@example.com'
msg['To'] = 'recipient@example.com'

text = "This is the plain text part of the email."
html = "<html><body><p>This is the <b>HTML</b> part of the email.</p></body></html>"

msg.attach(MIMEText(text, 'plain', 'utf-8'))
msg.attach(MIMEText(html, 'html', 'utf-8'))
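The receiving side of the structure described above, as an added example that is not part of the original article: it parses a raw multipart message, walks the boundary-delimited parts, and reverses each part's Content-Transfer-Encoding. The function name `inventory` and the sample message are constructed for illustration.

```python
from email import message_from_string, policy

# Constructed sample modelled on the multipart/mixed message in this article;
# the base64 body is only a 9-byte PDF header, not a real document.
RAW = """\
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="ABC123"

--ABC123
Content-Type: text/plain; charset="utf-8"

This is the plain text message body.
--ABC123
Content-Type: text/html; charset="utf-8"

<html><body><p><strong>HTML Email</strong></p></body></html>
--ABC123
Content-Type: application/pdf
Content-Disposition: attachment; filename="document.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--ABC123--
"""


def inventory(raw):
    """Return one dict per leaf part, with the transfer encoding undone."""
    msg = message_from_string(raw, policy=policy.default)
    parts = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # a container only holds the boundary-delimited children
        parts.append({
            "type": part.get_content_type(),
            "charset": part.get_content_charset(),
            "disposition": part.get_content_disposition(),
            "filename": part.get_filename(),
            "encoding": str(part.get("Content-Transfer-Encoding", "7bit")),
            # decode=True reverses base64 or quoted-printable
            "decoded": part.get_payload(decode=True) or b"",
        })
    return parts


if __name__ == "__main__":
    for p in inventory(RAW):
        print(p["type"], p["disposition"], p["filename"], len(p["decoded"]), "bytes")
```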

The technical structure of S/MIME

An S/MIME message is a MIME message that has been digitally signed, encrypted, or both, using X.509 certificates and PKI. S/MIME uses the Cryptographic Message Syntax (CMS), formerly known as PKCS#7, to encapsulate and protect the message.

Types of S/MIME messages

  1. Signed
    Readable, but authenticated via digital signature.
  2. Encrypted
    Unreadable unless decrypted by the intended recipient.
  3. Signed and Encrypted
    Ensures both integrity and confidentiality.

Header examples

Signed message:

Content-Type: multipart/signed;
 protocol="application/pkcs7-signature";
 micalg=sha-256; boundary="signed_boundary"

Contains two parts:

  • The cleartext MIME message
  • The digital signature in PKCS#7 format

Encrypted message:

Content-Type: application/pkcs7-mime; smime-type=enveloped-data;
 name="smime.p7m"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7m"

Everything is wrapped inside the .p7m file, which includes the encrypted MIME content.

Encrypted message internals

  • The original MIME message (text, HTML, attachments)
  • The encrypted payload (with Base64 encoding)
  • Sender’s certificate (optional)
  • Encryption algorithm (e.g., AES-256)
  • Signature (optional)

Everything is packaged into a CMS/PKCS#7 structure.

Practical example with OpenSSL

Sign a message:

openssl smime -sign -in message.txt \
  -signer cert.pem -inkey key.pem \
  -out message_signed.eml -outform PEM

Encrypt the signed message:

openssl smime -encrypt -in message_signed.eml \
  -out message_encrypted.p7m -outform DER \
  recipient_cert.pem

Basic Python parsing of .eml with S/MIME payload

from email import message_from_file

with open('email.eml', 'r') as f:
    msg = message_from_file(f)

print("Content-Type:", msg.get_content_type())
print("Filename:", msg.get_filename())
print("Base64 Content Snippet:", msg.get_payload()[:60], '...')
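Going one step beyond the basic parse, the following added example (not code from the original article) tells the S/MIME message types apart using only the headers shown in the "Header examples" section. The names `classify_smime`, `_param` and the labels are hypothetical; the legacy `x-pkcs7` media types and the `smime-type` values other than `enveloped-data` come from the S/MIME specification rather than from this page.

```python
from email import message_from_string

SIG_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
P7M_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
LABELS = {"enveloped-data": "encrypted", "signed-data": "opaque-signed",
          "certs-only": "certs-only", "compressed-data": "compressed"}

# Constructed samples built from the header examples in this article; the
# base64 bodies are placeholders, not real CMS structures.
SIGNED = """\
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
 micalg=sha-256; boundary="signed_boundary"

--signed_boundary
Content-Type: text/plain; charset="utf-8"

Hello
--signed_boundary
Content-Type: application/pkcs7-signature; name="smime.p7s"

AAAA
--signed_boundary--
"""
ENCRYPTED = """\
Content-Type: application/pkcs7-mime; smime-type=enveloped-data;
 name="smime.p7m"
Content-Transfer-Encoding: base64

AAAA
"""

def _param(msg, name):
    value = msg.get_param(name)
    return value.lower() if isinstance(value, str) else ""

def classify_smime(raw):
    """Label the outer S/MIME layer from headers; nothing is verified or decrypted."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        parts = msg.get_payload() if msg.is_multipart() else []
        # Expect two parts: the cleartext MIME entity, then the signature.
        if (_param(msg, "protocol") in SIG_TYPES and len(parts) == 2
                and parts[1].get_content_type() in SIG_TYPES):
            return "signed"
        return "malformed-or-foreign-signed"
    if ctype in P7M_TYPES:
        return LABELS.get(_param(msg, "smime-type"), "pkcs7-undetermined")
    return "not-smime"
```

A signed-and-encrypted message reports as "encrypted" here, because the signed layer sits inside the envelope and is only visible after decryption.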

Limitations and Compatibility Issues

Despite its strength, S/MIME has some drawbacks:

  • Requires certificate management
  • Often lacks support in mobile clients and third-party email apps
  • Incompatibility between email systems
  • Webmail clients (like Gmail) do not natively support .p7m files

If the recipient’s certificate is unknown, encrypted emails cannot be sent.

Alternatives to S/MIME

Several alternatives exist to address the limitations of S/MIME:

PGP / OpenPGP

Pretty Good Privacy (PGP) and OpenPGP provide strong end-to-end encryption using public-key cryptography, but without centralized CAs.

Pros:

  • No need for a CA
  • Widely supported in open-source tools (e.g., Thunderbird + Enigmail)

Cons:

  • Users must manage their own keys
  • Less support in corporate environments

STARTTLS and TLS

Transport Layer Security (TLS) can secure the email transmission channel, but not the content itself.

It’s easier to implement, but less secure if servers are compromised.

Encrypted Email Services (ProtonMail, Tutanota)

These providers offer full end-to-end encryption:

  • ProtonMail: based on OpenPGP, transparent to users
  • Tutanota: uses its own cryptographic stack

Drawbacks:

  • Require using the provider’s own platform
  • Limited interoperability

Questions and answers

  1. What is MIME used for?
    MIME enables emails to include rich content like attachments, HTML, and multiple character sets.
  2. What is S/MIME?
    S/MIME is an extension of MIME that adds encryption and digital signatures for secure emails.
  3. How is S/MIME different from MIME?
    S/MIME adds cryptographic security, while MIME only formats the content.
  4. Is S/MIME secure?
    Yes, but its effectiveness depends on proper certificate handling and key protection.
  5. Which email clients support S/MIME?
    Outlook, Apple Mail, and some Android clients support it. Gmail does not, natively.
  6. Do I need a certificate for S/MIME?
    Yes, S/MIME requires an X.509 certificate from a trusted Certificate Authority.
  7. Can I use S/MIME with Gmail?
    Only through third-party plugins or external clients. Gmail’s web interface does not support it.
  8. What are good alternatives to S/MIME?
    PGP, TLS, ProtonMail, and Tutanota are popular alternatives.
  9. Does S/MIME encrypt attachments too?
    Yes, if the message is encrypted, all included attachments are encrypted as well.
  10. Can I use S/MIME on my phone?
    Yes, but only with compatible apps. iOS Mail supports it, Android needs special apps.