Skip to content

S/MIME

S/MIME is a technology that can verify the validity of the sender of the email (from address) and the mail body. The sender prepares a digital certificate (S/MIME certificate) for the email address issued by a third party and signs the sending email using this certificate. The signature given to the email is verified by email software such as Outlook, and if the email is sent by a legitimate sender, a mark such as ribbon will be displayed.

Customers Mail Cloud provides a function that can add S/MIME signatures to emails sent via mail relay or API. You can send S/MIME signed emails by registering the S/MIME certification in the management console.

Note

To use S/MIME, It is required to subscribe to the S/MIME option.

Warning

S/MIME allows senders and recipients to encrypt emails by exchanging public keys with each other but Customers Mail Cloud does not provide encryption function.

Warning

It is required to receive S/MIME signed emails by email software such as Outlook that can compatible with S/MIME. If the sender send S/MIME signed emails with a software or smartphone that is not compatible with S/MIMES, the mail content may not be displayed correctly.

Customers Mail Cloud provides a function that controls S/MIME signatures for each domain. Therefore to send emails to a domain that is not compatible with S/MIME,you can send it without giving it an S/MIME signature.

Warning

Emails forwarded by BCC will not be signed by S/MIME If intelligent BCC is set in "server settings" -> "advance settings" of the server composite.

Registering the certification

Register the S/MIME certificate in the management console. Please prepare it from a certificate provider before setting up.

preparing pkcs12 format file

To register the prepared S/MIME certificate in the management console, you need to create a pkcs12 format file containing the private key from the certificate.

Note

Please contact the issuer of the certificate for more information about how to create a pkcs12 format file.

Uploading the pkcs12 format file

  1. Login to management console and click the S/MIME settings tab.

  2. Click the add button.

    S/MIME settings dialog

  3. Input the below items.

    Item Required Description
    mail address Yes Input the From address.It must be the same email addres as included in the S/MIME certificate you are registering.
    secret key (password) Yes Input the secret key for the S/MIME certificate you are registering.This value will be stored in the management console after AES encrypted.
    Certificate File Yes Upload the pkcs12 formatted S/MIME certificate.
  4. When you click the save button S/MIME certificate will be saved in the management console.

Operate S/MIME certificates

  1. Click the server composition tab on the management console.

  2. Click the server composition link that operates the S/MIME certificate.

  3. Click the S/MIME settings at the left menu of server settings dialog.

    server settings->S/MIME settings

  4. A list of operable S/MIME certificates will be displayed.

  5. Mark as checked the S/MIME certificate that operates in this server configuration

  6. Click the save button.

Reflecting settings to the mail server

Once you reflect settings to the mail server, S/MIME operation will start.

Updating the certificate

S/MIME certificates have an expiration date and you specify one or two years when you prepare the certificate. Since expired S/MIME certificates cannot be used,you must renew the S/MIME certificate before it expires.

Issuing a new certificate from the issuer

The issuer will inform you to renew the certificate before it expires. New certificate according to the instructions will be issued. Create a pkcs12 format file from the newly issued certificate by following the same procedure as when registering.

Updating the certificate

  1. Login to management console and click the S/MIME settings tab.

  2. Click the link for the email address to renew your S/MIME certificate From the S/MIME list screen.

    updating S/MIME certificate

  3. Input the secret key (password) and pcks12 format file created from the updated certificate.

  4. Click the save button.

Reflecting the settings to the mail server

Once this is reflected settings in the mail server, the updated S/MIME certificate will start to operate.

Warning

If you send an email after your S/MIME certificate has expired Customers Mail Cloud rejects mail relay in response to the SMTP error "451 S/MIME certificate is expired".

Deleting the certificate

You can stop the operetaion of S/MIME and delete the S/MIME certificate from management console.

Stopping the opeartion of S/MIME

  1. Click the server composition tab at the management console.

  2. Click the server composition link that stops the operation of S/MIME.

  3. Click the S/MIME settings in the left menu of the server settings dialog.

  4. A list of operable S/MIME certificates will be displayed.

  5. Uncheck the S/MIME certificate to stop operation.

  6. Click the save button.

Reflecting the settings to the mail server

Once you reflect this settings to the mail server S/MIME operation will stop. After the settings reflection, you can no longer add the S/MIME signature to the emails you send.

Deleting the S/MIME certificate

  1. Click the S/MIME settings tab at the management console.

  2. Confirmation dialog will be displayed when you click the delete button at the S/MIME list screen.

  3. Input the login password and click delete button to delete the S/MIME certificate.

Setting the exceptional conditions

Set an exceptional condition If you do not want to add an S/MIME signature when sending emails to devices that do not support S/MIME, such as feature phones.

Exceptional settings by destination

  1. Click the server composition tab at the management console.

  2. Click the link of the server configuration that operates S/MIME.

  3. Click the S/MIME settings in the left menu of the server settings dialog.

    exceptional settings by destination

  4. Add the S/MIME unsigned destination email address in regex.

    Note

    Registration will be done by default for the mobile carrier.

Exceptional settings by header

  1. Click the exceptional settings by header tab.

    exceptional settings by header

  2. Add a condition that does not give S/MIME with a combination of header name and header value.

    Note

    Exceptional settings by content-type header are registered by default so that emails that have already S/MIME signatures will not be signed again.