Table of contents
- What is MIME?
- What is S/MIME?
- Differences between MIME and S/MIME
- MIME structure explained
- The technical structure of S/MIME
- Limitations and Compatibility Issues
- Alternatives to S/MIME
Protecting email communications is more critical than ever. Two key standards in this area are MIME and S/MIME—often misunderstood or confused, but fundamentally different in purpose.
This article explores what they are, how they work, their technical structure, the differences between them, and some viable alternatives for email protection.
What is MIME?
MIME (Multipurpose Internet Mail Extensions) is an Internet standard defined in RFC 2045–2049 that extends the original SMTP protocol to support multimedia and multilingual email content.
Why was MIME created?
Until the early 1990s, SMTP only handled plain text messages. This severely limited modern communication: no support for images, documents, formatting, or non-Latin alphabets. MIME was designed to overcome these limitations by adding support for:
- Attachments (images, documents, audio)
- HTML formatting
- Non-English character sets (like Chinese, Arabic, Cyrillic)
MIME solves all of that by introducing:
- Content typing
- Character encoding
- Multipart messages
MIME structure explained
A MIME message is composed of:
- Headers: describe the MIME version, boundaries, content types
- Body parts: each with its own encoding and content type
- Boundaries: special delimiters separating each content section
Example of MIME headers:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="ABC123"
Body of the email:
--ABC123
Content-Type: text/plain; charset="utf-8"

This is the plain text message body.
--ABC123
Content-Type: text/html; charset="utf-8"

<html><body><p><strong>HTML Email</strong></p></body></html>
--ABC123
Content-Type: application/pdf
Content-Disposition: attachment; filename="document.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQKJcfs... (Base64 content)
--ABC123--
This message includes plain text, HTML content, and a PDF attachment, each separated by a boundary marker (--ABC123).
MIME email example in Python
Using Python’s built-in email module, we can construct a MIME email like this:
import smtplib
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from email.mime.application import MIMEApplication
msg = MIMEMultipart()
msg['From'] = 'sender@example.com'
msg['To'] = 'receiver@example.com'
msg['Subject'] = 'MIME Email Example'
# Plain text
text = MIMEText('This is the plain text part.', 'plain', 'utf-8')
msg.attach(text)
# HTML
html = MIMEText('<html><body><h2>This is HTML</h2></body></html>', 'html', 'utf-8')
msg.attach(html)
# PDF attachment
with open('document.pdf', 'rb') as f:
    attachment = MIMEApplication(f.read(), _subtype='pdf')
attachment.add_header('Content-Disposition', 'attachment', filename='document.pdf')
msg.attach(attachment)
# Send (optional)
# with smtplib.SMTP('smtp.example.com') as server:
#     server.send_message(msg)
What is S/MIME?
S/MIME (Secure/Multipurpose Internet Mail Extensions) is an extension of the MIME standard that adds digital signature and encryption to email messages. Developed by RSA Data Security in 1995, it is now defined in RFC 5751 and widely used in corporate and governmental communications.
What does S/MIME provide?
It relies on:
- X.509 certificates
- A Public Key Infrastructure (PKI)
S/MIME ensures:
- Authentication: via digital signatures using the sender’s private key
- Integrity: detects unauthorized message tampering
- Confidentiality: protects message content using encryption
How does S/MIME work?
- The sender signs the message using their private key
- The message is encrypted using the recipient’s public key
- The recipient decrypts the message using their private key
This guarantees end-to-end security, making the message unreadable to intermediaries.
S/MIME message header example
Content-Type: application/pkcs7-mime; smime-type=enveloped-data;
 name="smime.p7m"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7m"
The smime.p7m file contains the encrypted MIME message packaged in PKCS#7 format, encoded in Base64.
Real-world example using OpenSSL
Step 1: Generate a test certificate
openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out cert.pem
Step 2: Encrypt a message
openssl smime -encrypt -in message.txt -out encrypted.p7m -outform DER cert.pem
To sign a message
openssl smime -sign -in message.txt -signer cert.pem -inkey key.pem -out signed.p7s -outform DER
Requirements for using S/MIME
- A valid X.509 certificate from a Certificate Authority (CA)
- A compatible email client (e.g., Outlook, Apple Mail)
- Key exchange to share public certificates
Pros and cons of S/MIME
Pros:
- Strong cryptographic protection
- Email authenticity and integrity
- Works with many enterprise email systems
Cons:
- Requires complex certificate management
- Not supported by default in most webmail services (e.g., Gmail)
- Limited support on mobile devices
Differences between MIME and S/MIME
The key difference is that MIME formats email content, while S/MIME secures it.
| Feature | MIME | S/MIME |
| --- | --- | --- |
| Purpose | Formatting | Security (encryption + digital signature) |
| Standard | RFC 2045-2049 | RFC 5751 |
| Protection | None | Confidentiality and authentication |
| Requirements | None | X.509 certificates + PKI |
| File extensions | None | .p7s (signature), .p7m (encrypted message) |
MIME is the foundation of modern email. S/MIME is optional, but highly recommended in environments demanding secure communication, such as government, legal, healthcare, and enterprise contexts.

MIME structure explained
A MIME-compliant email is composed of a structured format that allows the inclusion of multiple types of content—such as text, HTML, and file attachments—in a single email. This structure is the foundation of modern email communication.
1. MIME Headers
Key headers include:
- MIME-Version: 1.0 → indicates MIME format
- Content-Type → describes the content type (e.g., text/plain, text/html, multipart)
- Content-Disposition → defines how the part should be handled (inline or attachment)
- Content-Transfer-Encoding → indicates how the part is encoded (e.g., Base64)
2. Email Body
The body can contain:
- Simple plain text
- HTML content
- Binary attachments
- Or a multipart format that combines several parts
The most common multipart types:
- multipart/alternative → plain text + HTML
- multipart/mixed → message body + attachments
- multipart/related → HTML with embedded images
3. Boundary
The boundary is a unique delimiter that separates the parts of a multipart message. It’s defined in the Content-Type header.
Example:
Content-Type: multipart/alternative; boundary="XYZ"
4. Encoding
Binary or non-ASCII content (like HTML or attachments) must be Base64-encoded to be compatible with email protocols.
Complete MIME structure example
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="XYZ"

--XYZ
Content-Type: text/plain; charset="utf-8"

This is the plain text version of the email.
--XYZ
Content-Type: text/html; charset="utf-8"

<html><body><p>This is the <b>HTML</b> version of the email.</p></body></html>
--XYZ--
This format allows email clients to choose which version to display—plain text for compatibility, or HTML for visual richness.
Python example: multipart/alternative email
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
msg = MIMEMultipart('alternative')
msg['Subject'] = 'Email with text and HTML'
msg['From'] = 'sender@example.com'
msg['To'] = 'recipient@example.com'
text = "This is the plain text part of the email."
html = "<html><body><p>This is the <b>HTML</b> part of the email.</p></body></html>"
msg.attach(MIMEText(text, 'plain', 'utf-8'))
msg.attach(MIMEText(html, 'html', 'utf-8'))
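Going the other way, the following added example (not part of the original article) parses a raw multipart message and inventories its leaf parts the way a mail filter would, decoding each part and checking that an attachment's leading bytes match its declared Content-Type. The `RAW` sample, the `MAGIC` table and the `inventory` function are constructed for illustration.

```python
from email import message_from_bytes
from email.policy import default

# Constructed sample: multipart/mixed with a text part and a Base64 "PDF" attachment.
RAW = (
    b'MIME-Version: 1.0\r\n'
    b'Content-Type: multipart/mixed; boundary="ABC123"\r\n'
    b'\r\n'
    b'--ABC123\r\n'
    b'Content-Type: text/plain; charset="utf-8"\r\n'
    b'\r\n'
    b'This is the plain text message body.\r\n'
    b'--ABC123\r\n'
    b'Content-Type: application/pdf\r\n'
    b'Content-Disposition: attachment; filename="document.pdf"\r\n'
    b'Content-Transfer-Encoding: base64\r\n'
    b'\r\n'
    b'JVBERi0xLjQK\r\n'
    b'--ABC123--\r\n'
)

# Leading bytes expected for a declared type (assumption: small illustrative table).
MAGIC = {'application/pdf': b'%PDF-'}

def inventory(raw: bytes):
    """Return one dict per leaf part: type, disposition, filename, size, magic check."""
    msg = message_from_bytes(raw, policy=default)
    rows = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers hold only boundaries, no content of their own
        data = part.get_payload(decode=True) or b''  # undoes Base64 / quoted-printable
        ctype = part.get_content_type()
        expected = MAGIC.get(ctype)
        rows.append({
            'type': ctype,
            'disposition': part.get_content_disposition(),
            'filename': part.get_filename(),
            'size': len(data),
            # None: no signature known for this type; False: header and bytes disagree
            'magic_ok': None if expected is None else data.startswith(expected),
        })
    return rows

if __name__ == '__main__':
    for row in inventory(RAW):
        print(row)
```

A `magic_ok` of `False` means the part's headers claim one format while the decoded bytes are something else, which is worth flagging before the attachment reaches a user.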
The technical structure of S/MIME
An S/MIME message is a MIME message that has been digitally signed, encrypted, or both, using X.509 certificates and PKI. S/MIME uses the Cryptographic Message Syntax (CMS), formerly known as PKCS#7, to encapsulate and protect the message.
Types of S/MIME messages
- Signed: readable, but authenticated via digital signature.
- Encrypted: unreadable unless decrypted by the intended recipient.
- Signed and Encrypted: ensures both integrity and confidentiality.
Header examples
Signed message:
Content-Type: multipart/signed;
 protocol="application/pkcs7-signature";
 micalg=sha-256; boundary="signed_boundary"
Contains two parts:
- The cleartext MIME message
- The digital signature in PKCS#7 format
Encrypted message:
Content-Type: application/pkcs7-mime; smime-type=enveloped-data;
 name="smime.p7m"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7m"
Everything is wrapped inside the .p7m file, which includes the encrypted MIME content.
Encrypted message internals
- The original MIME message (text, HTML, attachments)
- The encrypted payload (with Base64 encoding)
- Sender’s certificate (optional)
- Encryption algorithm (e.g., AES-256)
- Signature (optional)
Everything is packaged into a CMS/PKCS#7 structure.
Practical example with OpenSSL
Sign a message:
# -outform SMIME writes a complete signed mail message; PEM or DER would write only the PKCS#7 structure
openssl smime -sign -in message.txt \
  -signer cert.pem -inkey key.pem \
  -out message_signed.eml -outform SMIME
Encrypt the signed message:
openssl smime -encrypt -in message_signed.eml \
  -out message_encrypted.p7m -outform DER \
  recipient_cert.pem
Basic Python parsing of .eml with S/MIME payload
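from email import message_from_file
with open('email.eml', 'r') as f:
    msg = message_from_file(f)
print("Content-Type:", msg.get_content_type())
print("Filename:", msg.get_filename())
# For application/pkcs7-mime the payload is one Base64 string;
# for multipart/signed it is a list of parts, so only slice strings.
payload = msg.get_payload()
if isinstance(payload, str):
    print("Base64 Content Snippet:", payload[:60], '...')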
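Building on the basic parsing above, this added example (not from the original article) classifies a message by the S/MIME headers shown earlier: `multipart/signed` with its `protocol` and `micalg` parameters, and `application/pkcs7-mime` with its `smime-type`. The function name, the weak-digest list and the sample messages are constructed for illustration.

```python
from email import message_from_string

SMIME_MEDIA = {'application/pkcs7-mime', 'application/x-pkcs7-mime'}  # x- is the legacy name
SIG_MEDIA = {'application/pkcs7-signature', 'application/x-pkcs7-signature'}
WEAK_MICALG = {'md5', 'sha1', 'sha-1'}
KINDS = {'enveloped-data': 'encrypted', 'signed-data': 'opaque-signed'}

def classify_smime(msg):
    """Return (kind, notes); kind is 'signed', 'encrypted', 'opaque-signed', 'other' or 'none'."""
    ctype, notes = msg.get_content_type(), []
    if ctype == 'multipart/signed':
        protocol = str(msg.get_param('protocol') or '').lower()
        if protocol not in SIG_MEDIA:  # e.g. PGP/MIME also uses multipart/signed
            return 'none', ['multipart/signed, protocol is not S/MIME: ' + repr(protocol)]
        micalg = str(msg.get_param('micalg') or '').lower()
        if micalg in WEAK_MICALG:
            notes.append('weak digest in micalg: ' + micalg)
        parts = msg.get_payload()
        if not (isinstance(parts, list) and len(parts) == 2
                and parts[1].get_content_type() in SIG_MEDIA):
            notes.append('expected two parts: content, then PKCS#7 signature')
        return 'signed', notes
    if ctype in SMIME_MEDIA:
        smime_type = str(msg.get_param('smime-type') or '').lower()
        if smime_type not in KINDS:
            notes.append('smime-type missing or not handled here: ' + repr(smime_type))
        return KINDS.get(smime_type, 'other'), notes
    return 'none', notes

# Constructed samples; the Base64 bodies are placeholders, not real CMS data.
SIGNED = (
    'Content-Type: multipart/signed;\n'
    ' protocol="application/pkcs7-signature";\n'
    ' micalg=sha1; boundary="signed_boundary"\n\n'
    '--signed_boundary\nContent-Type: text/plain\n\nHello\n'
    '--signed_boundary\nContent-Type: application/pkcs7-signature; name="smime.p7s"\n'
    'Content-Transfer-Encoding: base64\n\nAAAA\n--signed_boundary--\n'
)
ENCRYPTED = (
    'Content-Type: application/pkcs7-mime; smime-type=enveloped-data;\n'
    ' name="smime.p7m"\nContent-Transfer-Encoding: base64\n\nAAAA\n'
)

if __name__ == '__main__':
    for raw in (SIGNED, ENCRYPTED):
        print(classify_smime(message_from_string(raw)))
```

This only inspects headers and structure; it does not verify the signature or the certificate chain, which still requires a CMS implementation such as OpenSSL.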
Limitations and Compatibility Issues
Despite its strength, S/MIME has some drawbacks:
- Requires certificate management
- Often lacks support in mobile clients and third-party email apps
- Incompatibility between email systems
- Webmail clients (like Gmail) do not natively support .p7m files
If the recipient’s certificate is unknown, encrypted emails cannot be sent.
Alternatives to S/MIME
Several alternatives exist to address the limitations of S/MIME:
PGP / OpenPGP
Pretty Good Privacy (PGP) and OpenPGP provide strong end-to-end encryption using public-key cryptography, but without centralized CAs.
Pros:
- No need for a CA
- Widely supported in open-source tools (e.g., Thunderbird + Enigmail)
Cons:
- Users must manage their own keys
- Less support in corporate environments
STARTTLS and TLS
Transport Layer Security (TLS) can secure the email transmission channel, but not the content itself.
It’s easier to implement, but messages remain readable on each mail server they pass through, so it is less secure if servers are compromised.
Encrypted Email Services (ProtonMail, Tutanota)
These providers offer full end-to-end encryption:
- ProtonMail: based on OpenPGP, transparent to users
- Tutanota: uses its own cryptographic stack
Drawbacks:
- Require using the provider’s own platform
- Limited interoperability
Questions and answers
- What is MIME used for?
MIME enables emails to include rich content like attachments, HTML, and multiple character sets.
- What is S/MIME?
S/MIME is an extension of MIME that adds encryption and digital signatures for secure emails.
- How is S/MIME different from MIME?
S/MIME adds cryptographic security, while MIME only formats the content.
- Is S/MIME secure?
Yes, but its effectiveness depends on proper certificate handling and key protection.
- Which email clients support S/MIME?
Outlook, Apple Mail, and some Android clients support it. Gmail does not, natively.
- Do I need a certificate for S/MIME?
Yes, S/MIME requires an X.509 certificate from a trusted Certificate Authority.
- Can I use S/MIME with Gmail?
Only through third-party plugins or external clients. Gmail’s web interface does not support it.
- What are good alternatives to S/MIME?
PGP, TLS, ProtonMail, and Tutanota are popular alternatives.
- Does S/MIME encrypt attachments too?
Yes, if the message is encrypted, all included attachments are encrypted as well.
- Can I use S/MIME on my phone?
Yes, but only with compatible apps. iOS Mail supports it, Android needs special apps.