S/MIME is a popular technology for end-to-end email encryption and is analogous to PGP in the way that it works. It is commonly available in most modern email programs and in many server-side email and WebMail encryption services like LuxSci SecureLine.
Folks are used to thinking about Internet security and encryption in terms of web site security. For example, the “https://” that secures our everyday work in our web browsers is the signal that SSL/TLS is being used to encrypt traffic between ourselves and the web server. People are even becoming used to the fact that TLS (with SMTP) is also commonly used to secure the transport of email messages from server to server.
These are all good things!
S/MIME (like PGP) is different: it encrypts the email message before it is sent, and the message stays encrypted until the recipient opens it. It “doesn’t matter” how this message is transported to the recipient … it’s secure the whole way. But did you know that S/MIME really just applies the same SSL/TLS technology that secures your traffic to securing your messages?
S/MIME (and PGP) do not secure your message headers (e.g. the subject, recipients, etc.); they secure only the message body and attachments. So, the added security of SMTP over TLS does serve to protect those things that S/MIME does not protect.
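To see what that means in practice, here is an added example (not from the original post) that parses an S/MIME message as a mail relay would see it and reports which headers remain readable. The sample message, its addresses and the function names are constructed for the illustration.

```python
from email import message_from_string
from email.message import Message

# Constructed sample: an S/MIME encrypted message as seen in transit.
# The body is a placeholder string, not real CMS ciphertext.
SAMPLE = """\
From: alice@example.com
To: bob@example.com
Subject: Q3 acquisition terms
Date: Mon, 01 Jan 2024 10:00:00 +0000
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7m"

PLACEHOLDERBASE64CIPHERTEXT==
"""

# Headers that reveal who is talking to whom, when, and about what.
SENSITIVE = ("From", "To", "Cc", "Subject", "Date")

def smime_protection(msg: Message) -> str:
    """Classify body protection from the top-level Content-Type only."""
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        return "signed-only"      # body is readable, signature attached
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        smime_type = str(msg.get_param("smime-type") or "").lower()
        if smime_type in ("enveloped-data", "authenveloped-data"):
            return "encrypted"
        if smime_type == "signed-data":
            return "signed-only"
        return "pkcs7-unknown"    # parameter missing or unrecognised
    return "none"

def exposed_in_transit(raw: str) -> dict:
    """Report body protection and the headers S/MIME leaves in cleartext."""
    msg = message_from_string(raw)
    headers = {h: msg[h] for h in SENSITIVE if msg[h] is not None}
    return {"body": smime_protection(msg), "cleartext_headers": headers}

if __name__ == "__main__":
    print(exposed_in_transit(SAMPLE))
```

Even with the body reported as encrypted, the subject line and both addresses are returned verbatim, which is the part only transport TLS covers.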