[wolf550e]

"8.2 Countering malleability gadget attacks" in the efail paper says: "The S/MIME standard does not provide any effective security measures countering our attacks" and "Although CMS defines an AuthenticatedData type [29], S/MIME’s current specification does not."

If the S/MIME spec does not enforce (and it seems it doesn't even allow, not just does't enforce) Authenticated Encryption, then it violates "the cryptographic doom principle" and should not be used for anything except CTFs and cryptopals exercises.

[Avamander]

The effective measure against their attack is signing and encrypting your e-mail sent with S/MIME? If it's just encrypted then yes, there's malleability issues but if it's signed I don't see it happening.