New SMTP STS Email Security Standard Published by Industry Leaders



/ 3 years ago

email_security

A number of engineers from some of today’s top tech firms have come together to provide a new standard of security for the sending and receiving of emails. Google, Microsoft, Yahoo, Comcast, LinkedIn and 1&1 Mail & Media Development & Technology are all part of this new standard that is named SMTP Strict Transport Security (SMTP STS). The new standard will allow email providers to define policies and rules that control the sending and receipt of encrypted email communications, which is a vast improvement over current email security.

When SMTP (Simple Mail Transfer Protocol) was envisioned back in 1982, it included no facilities for encryption or security. This same protocol has been in use to this day, and despite additions over the years, such as  STARTTLS that have added support for TLS (Transport Layer Security) to SMTP connections, its adoption rate has been low and the majority of email traffic is as unencrypted as in the 80s. Between May and August 2014, in the wake of Edward Snowdon’s leaks, Facebook saw adoption for STARTTLS jump from 58% to a whopping 95%. STARTTLS is not without flaws, though, as it does not validate the digital certificates and is vulnerable to both man-in-the-middle attacks and simple stripping of the encryption.

The newly proposed SMTP STS addresses both of the main flaws that exist in STARTTLS. Firstly, it informs connecting clients that TLS is available and recommended for use as well as how the certificate should be validated and the consequence of failure to establish a TLS connection. SMTP STS policies are set via special DNS records added to the email for the server’s domain name, providing ways for clients to validate the policies and report failure. Man-in-the-middle attacks can be foiled by a mail server telling a client to cache its SMTP STS policies for a set duration, to prevent false policies being injected.

Whether this new standard will catch on the wider world of the internet remains to be seen, but with so many key companies involved in its development and security being such a key topic in the modern-day, we can only hope that it allows us to keep our emails that much secure and private.

Topics: , , , , , ,

Support eTeknix.com

By supporting eTeknix, you help us grow. And continue to bring you the latest news, reviews, and competitions. Follow us on Facebook and Twitter to keep up with the latest technology. Share your favourite articles, chat with the team and more. Also check out eTeknix YouTube, where you'll find our latest video reviews, event coverage and features in 4K!
eTeknix FacebookeTeknix TwittereTeknix Instagram

Check out our Latest Video

Speak Your Mind

Tell us what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!

  • Be Social with eTeknix

  • itvpros.com
  • Poll

    Who Is Your Favourite Motherboard Brand?

    View Results