Notification

Duet AI is now Gemini for Google Workspace. Learn more

Hosted S/MIME FAQ

Supported editions for this feature: Enterprise Plus; Education Fundamentals, Education Standard, Teaching and Learning Upgrade, and Education PlusCompare your edition

This article answers questions about client support for hosted S/MIME and message signing and encryption.

Which clients support hosted S/MIME?

Hosted S/MIME is supported when sending email using Gmail clients from Google for web and mobile devices and other clients, such as IMAP. If you send a message using the other clients, Gmail signs the message and, if possible, encrypts it. You should not add the S/MIME certificate to the client itself since the S/MIME signature/encryption is hosted by Gmail.

Why are some of my recipients getting messages with a 'smime.p7s' attachment?

If the recipient’s email client doesn't support S/MIME, the messages you send will include the certificate as a smime.p7s attachment. Gmail on web, Android and iOS, and Inbox won't show the S/MIME attachments. 

Can I use hosted S/MIME with mailing lists?

If you send an email signed with S/MIME to a mailing list, such as Google Groups, the mailing list might break the signature by modifying the message (by adding a footer, for example), which would cause S/MIME verification to fail.

Why do some messages fail verification or decryption when accessing in Thunderbird?

You can configure Thunderbird to not download attachments larger than a given size. Since S/MIME data is stored as an attachment, if the S/MIME attachment is too large, this can prevent S/MIME processing.

Was this helpful?

How can we improve it?
Search
Clear search
Close search
Google apps
Main menu
11009323301582488722
true
Search Help Center
true
true
true
true
true
73010
false
false