08 November 2022 - IT Security Protect email data with an S/MIME certificate

At our university, around 150,000 emails are sent and 120,000 are received every day. On top of that, we intercept around 5.5 million spam emails. Emails are also the number one form of communication at the URZ. To be certain that emails are protected from unauthorized access, there are a few things you should be aware of. Otherwise, without security measures, your emails and the information in them can be easily viewed and forged, much like a postcard. A simple and reliable method to protect yourself and others from falsified emails is to use S/MIME certificates.

Start protecting your emails now and apply for a certificate


An S/MIME user certificate is a person-specific digital identity which has been authenticated by the URZ. For this reason, employees must provide proof of identification when applying for the certificate at the URZ. Personal digital certificates are used to confirm the authenticity of one's communication partner. This is implemented by assigning each Public Key Infrastructure (PKI) participant to a certification authority, which will sign the certificate request after verifying the applicant's ID.

You need the user certificate to digitally sign your emails. After the certificate has been issued, you simply transfer the certificate file to your email client. The signature assures your contacts that the email is really from you. If an email has a valid digital signature, it is displayed to the recipient directly in the email client (see screenshot).

Screenshot digital signature with S/MIME certificate

How to apply for a certificate and store it in your email client (with Outlook as the example) is explained in the instructions linked on this page.

What is a digital certificate and why do I have to apply for it in person?


S/MIME is an acronym and stands for Secure/Multipurpose Internet Mail Extensions. This technology has been an established standard since 1995, and it is operating system independent. With S/MIME, every user can digitally sign their emails, thereby verifying themselves as the legitimate sender of the message. To do this, you need a personal certificate, which needs to be requested in person as your identity will be checked (with the presentation of a personal ID).
For the sake of simplicity, a digital certificate is an electronic proof of identity that contains a public key and a private key. Certificates make it possible to transmit signed and encrypted information by using asymmetric cryptographic methods with private and public keys. 

Why do I need a digital S/MIME signature?


Information security affects all users. Technological solutions are no substitute for being aware of possible fraud attempts such as phishing or social engineering, and having an informed, critical eye. S/MIME digital signatures provide authentication of the sender's identity and thus offer effective protection, e.g. against phishing attacks.

Think first, then click! Recognize fraud attempts & take action


Are spam, phishing und social engineering foreign words to you? They are scams that use modern communication channels such as email, phone, texts, etc. to obtain information, money or access data. Learn more about the methods and tricks used by scammers on the linked sites. The German Federal Office for Information Security (BSI) recommends answering three small questions before opening emails:

  1. Do you know who the sender is and whether the sender is really the person they are claiming to be?
  2. Do the subject line and the text make sense and what is the purpose of the message?
  3. Are you expecting an attachment?