Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Google, Microsoft, Yahoo and others publish new email security standard

Lucian Constantin | March 22, 2016
The goal of the new SMTP Strict Transport Security mechanism is to ensure that encrypted email traffic is not vulnerable to man-in-the-middle attacks

Servers can also tell clients to cache their SMTP STS policies for a specific amount of time, in order to prevent man-in-the-middle attackers from serving fraudulent policies when they attempt to connect.

The proposed protocol is similar to the HTTP Strict Transport Security (HSTS), which is meant to prevent HTTPS downgrade attacks by caching a domain's HTTPS policy locally in the browser. It does, however, assume that the first connection from a particular client to the server was performed without being intercepted; otherwise, a fraudulent policy might have been cached.

According to Google's latest data, 83 percent of email messages sent by Gmail users to other email providers from around the world are encrypted, but only 69 percent of incoming emails from other providers are received over an encrypted channel.

There are also large discrepancies in email encryption between regions of the world, with email providers in Asia and Africa faring much worse than providers in Europe and the U.S.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.