S/MIME (Secure/ Multipurpose Internet Mail Extensions) is a standard for encrypting and signing e-mails specified in RFC 8551 . You need a personal S/MIME certificate for this, a domain certificate alone is not enough.

Functionality: The content of the email is secured by asymmetric encryption. Both recipient and sender must have an asymmetrical key pair and the corresponding software.

1. Encryption:
   The sender encrypts the content of the mail with the recipient’s public key known to him. The recipient needs his own private key to decrypt the mail.
2. Lettering:
   Outgoing e-mails are also provided with a signature, which the recipient can use to validate that the e-mail actually comes from the sender and that the content is unchanged. This validation on the part of the recipient is possible with any mail program, even if there is no separate S/MIME key

Purpose: S/MIME provides a secure way to send and receive email. On the one hand, the sender can be sure that the contents of his e-mail will not be manipulated or read by a third party, but will reach the recipient unchanged. On the other hand, the recipient can verify the sender.

Accordingly, confidentiality, authenticity and integrity are guaranteed.

Further information:

• S/MIME: User vs. Domain Certificates

• Prevent fake senders with SPF, DKIM, DMARC and S/MIME