What is a SMIMEA record? Secure Email with S/MIME

S/MIME messages often contain a certificate (some messages contain more than one certificate). These certificates assist in authenticating the sender of the message and can be used for encrypting messages that will be sent in reply. In order for the S/MIME receiver to authenticate that a message is from the sender identified in the message, the receiver's Mail User Agent (MUA) must validate that this certificate is associated with the purported sender. Currently, the MUA must trust a trust anchor upon which the sender's certificate is rooted and must successfully validate the certificate. There are other requirements on the MUA, such as associating the identity in the certificate with that of the message, that are out of scope for this document.

The SMIMEA record looks like this in your DNS zone management page:

| Host | Type | Points to | TTL |
|---|---|---|---|
| www.domain.com | SMIMEA | 0 0 0 keyKEY1234keyKEY | 1 Hour |

Why is it important?

SMIMEA records are crucial for email security, providing authentication and trust by linking S/MIME certificates with domain names. They safeguard data privacy, mitigate phishing attacks, and simplify certificate management. By encrypting emails and verifying sender authenticity, SMIMEA records enhance trust in email communication. Overall, they play a crucial role in securing sensitive information, building trust, and protecting the authenticity of email messages.

How to create a DNS SMIMEA record?

Log in to your ClouDNS account, enter your DNS zone management page, and click on the Add new record button. For Type choose "SMIMEA" and fill in the fields as follows:

  • Type: SMIMEA
  • TTL: 1 hour
  • Host: www
  • Usage: (From 0 to 3) It specifies the provided association that will be used to match the certificate presented in the TLS handshake
  • Selector: (From 0 to 1) It specifies which part of the TLS certificate presented by the server will be matched against the association data
  • Matching-type: (From 0 to 2) It specifies how the certificate association is presented.
  • Certificate: Specifies the "certificate association data" to be matched.

*This hostname is used as an example.

How to check it?

The SMIMEA record type cannot be looked up easily in Windows because neither Nslookup nor PowerShell's Resolve-DnsName has support for it.

You can still install WSL (Windows Subsystem for Linux) and then follow the instructions below for Linux/macOS. Another option is to use an online lookup tool, such as the ClouDNS Free DNS tool, to check your SMIMEA record.

If you are a Linux/macOS user, you can open the Terminal and check your SMIMEA record with dig. Here is an example:

$ dig example.com SMIMEA

The result is in the answer section. There you will see the SMIMEA records that are available.

How to start managing SMIMEA records for your domain name?

  1. Create a free account here (free forever)
  2. Verify your e-mail address
  3. Log into your control panel
  4. Create a new Master DNS from the [add new] button (see the tutorial here)
  5. Add the SMIMEA records you need, as described in this article.

Common challenges with SMIMEA Records and how to overcome them?

While SMIMEA records offer enhanced security for email communications, they also present certain challenges. Here’s how to address some of the most common issues:

  • Complex Configuration: Setting up SMIMEA records can be complex, especially for those unfamiliar with DNS management. Solution: Follow detailed guides or consult with DNS management experts to ensure proper configuration. 
  • Compatibility Issues: Not all email clients and systems support SMIMEA records. Solution: Ensure that your email infrastructure is compatible with SMIMEA and consider providing fallback options for recipients using incompatible systems.
  • Certificate Management: Managing multiple S/MIME certificates can be cumbersome, particularly in large organizations. Solution: Use automated options that simplify certificate management, including renewal and deployment.
  • Security Risks from Misconfiguration: Incorrectly configured SMIMEA records can lead to security vulnerabilities or email delivery issues. Solution: Regularly review and test your SMIMEA records to ensure they are correctly configured and functioning as intended.
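
As an added example (not ClouDNS code), this Python check covers the field ranges listed under "How to create a DNS SMIMEA record?" and the misconfiguration risk above: it validates a record's fields and compares the association data with the certificate you intended to publish. It goes beyond this page in one respect: `owner_name` derives the record name that RFC 8162 specifies for an email address. The byte strings and alice@example.com are constructed stand-ins.

```python
import hashlib
import unicodedata

# Field ranges as listed on this page: usage 0-3, selector 0-1, matching type 0-2.
USAGES = (0, 1, 2, 3)
SELECTORS = (0, 1)                      # 0 = full certificate, 1 = SubjectPublicKeyInfo
DIGESTS = {0: None, 1: hashlib.sha256, 2: hashlib.sha512}

def parse_smimea(rdata):
    """Split 'usage selector matching-type hex-data' and validate each field."""
    parts = rdata.split()
    if len(parts) < 4:
        raise ValueError("expected: usage selector matching-type data")
    try:
        usage, selector, mtype = (int(p) for p in parts[:3])
        data = bytes.fromhex("".join(parts[3:]))   # dig may print the hex in chunks
    except ValueError:
        raise ValueError("three integers and hex data expected") from None
    if usage not in USAGES or selector not in SELECTORS or mtype not in DIGESTS:
        raise ValueError("usage, selector or matching type out of range")
    digest = DIGESTS[mtype]
    if not data or (digest and len(data) != digest().digest_size):
        raise ValueError("association data length does not fit the matching type")
    return usage, selector, mtype, data

def association_data(selected_der, mtype):
    """Matching type 0 publishes the DER bytes unchanged; 1 and 2 publish a digest."""
    digest = DIGESTS[mtype]
    return digest(selected_der).digest() if digest else selected_der

def record_matches(rdata, cert_der, spki_der):
    """True if the published record matches the certificate meant to be published."""
    _usage, selector, mtype, data = parse_smimea(rdata)
    selected = cert_der if selector == 0 else spki_der
    return association_data(selected, mtype) == data

def owner_name(email):
    """RFC 8162 owner name: SHA-256 of the local-part, cut to 28 octets, as hex."""
    local, _, domain = email.rpartition("@")
    local = unicodedata.normalize("NFC", local).encode("utf-8")
    return f"{hashlib.sha256(local).hexdigest()[:56]}._smimecert.{domain}"

if __name__ == "__main__":
    cert, spki = b"constructed-cert-der", b"constructed-spki-der"  # stand-ins, not real DER
    published = f"3 1 1 {hashlib.sha256(spki).hexdigest()}"
    print(owner_name("alice@example.com"), "SMIMEA", published)
    print("matches intended key:", record_matches(published, cert, spki))
    print("matches rotated key: ", record_matches(published, cert, b"rotated-spki"))
```

In a real check, `cert_der` and `spki_der` would be the DER encodings exported from the user's actual S/MIME certificate, and `rdata` the answer returned by dig.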

Support of SMIMEA records

ClouDNS provides full support for SMIMEA records for all our DNS services, including the ones listed below. Just write to our technical support if you need any assistance with your SMIMEA records configuration. Our Technical Support team is online for you 24/7 via live chat and tickets.

FAQ

Question: How do SMIMEA records protect data privacy and confidentiality?

Answer: SMIMEA records ensure that only the intended recipient can decrypt and read encrypted emails, preventing unauthorized access to sensitive information.

Question: Do SMIMEA records protect against phishing and spoofing attacks?

Answer: Yes, SMIMEA records help mitigate phishing and spoofing by verifying the authenticity of the sender's digital signature.

Question: Can SMIMEA records be used for both personal and business email accounts?

Answer: Yes, they can be used for both personal and business email accounts. They are a versatile email security solution.


Last modified: 2024-09-24