Don't block S/MIME on your mail server
By Pete Freitag
With all the viruses out there these days, many mail servers simply block all attachments, or only allow a small set through. One set of attachment extensions that you don't want to block however are the extensions defined in RFC 2311 § 3.2.1 for S/MIME.
MIME Type File Extension application/pkcs7-mime .p7m (signedData, envelopedData) application/pkcs7-mime .p7c (degenerate signedData "certs-only" message) application/pkcs7-signature .p7s application/pkcs10 .p10
S/MIME allows people to sign or encrypt email messages. A S/MIME signature is created by basically creating a checksum (MD5, or SHA1), then the checksum is signed (RSA or DSA - S/MIME is also used for PGP).
Even if you don't sign or encrypt email yourself, its not a good practice to block these attachments - you may prevent someone (like me) who signs all their email from reaching you. Also S/MIME signatures are a good way for companies like PayPal who are plagued with Phishing scams to send trusted email to their customers. Just last week, I got an email from PayPal, which turns out was actually from PayPal - but I had to view the message source to confirm this. If they had signed the message I would know instantly.
Don't block S/MIME on your mail server was first published on November 23, 2004.Tweet Follow @pfreitag