Case Study - Building a Resilient CDN Network with GeoDNS

What is a SMIMEA record?

SMIMEA messages often contain a certificate (some messages contain more than one certificate). These certificates assist in authenticating the sender of the message and can be used for encrypting messages that will be sent in reply. In order for the SMIME receiver to authenticate that a message is from the sender identified in the message, the receiver's Mail User Agent (MUA) must validate that this certificate is associated with the purported sender. Currently, the MUA must trust a trust anchor upon which the sender's certificate is rooted and must successfully validate the certificate. There are other requirements on the MUA, such as associating the identity in the certificate with that of the message, that is out of scope for this document.

The SMIMEA record has the following look in your DNS zone management page:

Host Type Points to: TTL
www.domain.com SMIMEA 0 0 0 keyKEY1234keyKEY 1 Hour

Why is it important?

SMIMEA records are crucial for email security, providing authentication and trust by linking S/MIME certificates with domain names. They safeguard data privacy, mitigate phishing attacks, and simplify certificate management. By encrypting emails and verifying sender authenticity, SMIMEA records enhance trust in email communication. Overall, they play a crucial role in securing sensitive information, building trust, and protecting the authenticity of email messages.

How to create a DNS SMIMEA record?

Log in to your ClouDNS account, enter your DNS zone management page, and click on the Add new record button. For Type choose "SMIMEA" and type as follow:

  • Type: SMIMEA
  • TTL: 1 hour
  • Host: www
  • Usage: (From 0 to 3) It specifies the provided association that will be used to match the certificate presented in the TLS handshake
  • Selector: (From 0 to 1) It specifies which part of the TLS certificate presented by the server will be matched against the association data
  • Matching-type: (From 0 to 2) It specifies how the certificate association is presented.
  • Certificate: Specifies the "certificate association data" to be matched.

*This hostname is used as an example.

How to check it?

The SMIMEA record type cannot be looked up easily in Windows because neither Nslookup nor Powershell's Resolve-DnsName has support for it. 

Yet, you still have the opportunity to install WSL (Windows Subsystem for Linux) and then follow the instructions below for Linux/macOS. Another option is to use an online lookup tool, such as the ClouDNS Free DNS tool, to check your SMIMEA record.

In case you are a Linux/macOS user, you can open the Terminal and check your SMIMEA record simply by using DIG. Here is an example:

$ dig example.com SMIMEA

The result is in the answer section. There you will see the SMIMEA records that are available.

How to start managing SMIMEA records for your domain name?

  1. Create a free account from, here - free forever
  2. Verify your e-mail address
  3. Log into your control panel
  4. Create a new Master DNS from the [add new] button - check a tutorial, here
  5. Add the SMIMEA records you need, as it is described in this article.

Support of SMIMEA records

ClouDNS provides full support for SMIMEA records for all our DNS services, including the listed below. Just write to our technical support, if you need any assistance with your SMIMEA records configuration. Our Technical Support team is online for you 24/7 via live chat and tickets.

FAQ

Question: How do SMIMEA records protect data privacy and confidentiality?

Answer: SMIMEA records ensure that only the intended recipient can decrypt and read encrypted emails, preventing unauthorized access to sensitive information.

Question: Do SMIMEA records protect against phishing and spoofing attacks?

Answer: Yes, SMIMEA records help mitigate phishing and spoofing by verifying the authenticity of the sender's digital signature.

Question: Can SMIMEA records be used for both personal and business email accounts?

Answer: Yes, they can be used for both personal and business email accounts. They are a versatile email security solution.


Last modified: 2023-08-02
Cookies help us deliver our services. By using our services, you agree to our use of cookies. Learn more