Opportunistic TLS for SMTP
Tuesday, December 15th, 2020

If you want to make sure your emails are secure and private, opportunistic TLS for SMTP won’t quite cut it. To explain why, first we have to step back a bit.
Most people don’t put a lot of thought into how their emails are sent and received, so it’s not unusual for them to think it works akin to teleportation or magic, as if messages somehow just appear right in their inboxes.
While the rapid delivery speeds may seem to justify such presumptions, there are actually a bunch of steps under the hood. When you send an email, it uses a protocol called the Simple Mail Transfer Protocol (SMTP) to make its way through to your recipient’s server. From there, your recipient uses another protocol such as ActiveSync, POP3, MAPI, or IMAP, or a Web-based interface, to pick it up and read it.
Unfortunately, these protocols aren’t always secure by default. Under SMTP’s original design, emails are sent as plaintext. This means that anyone along an email’s journey can see (and even change) its contents. This can include those in charge of the servers, the government, and even hackers who intercept the data.
Thankfully, engineers weren’t completely oblivious to this glaring security hole, and they have introduced a number of mechanisms that can be leveraged to protect email.