opportunistic Archives - LuxSci

Posts Tagged ‘opportunistic’

Opportunistic TLS for SMTP

Tuesday, December 15th, 2020

If you want to make sure your emails are secure and private, opportunistic TLS for SMTP won’t quite cut it. To explain why, first we have to step back a bit.

Most people don’t put a lot of thought into how their emails are sent and received, so it’s not unusual for them to think it works akin to teleportation or magic–that messages somehow just appear right in their inboxes.

While the rapid delivery speeds may seem to justify such presumptions, there are actually a bunch of steps under the hood. When you send an email, it uses a protocol called the Simple Mail Transfer Protocol (SMTP) to make its way through to your recipient’s server. From there, your recipient uses another protocol such as ActiveSync, POP3, MAPI, or IMAP, or a Web-based interface, to pick it up and read it.

Opportunistic TLS

Unfortunately, these aren’t always secure by default. Under SMTP’s original design, emails are sent as plaintext. This means that anyone along an email’s journey can see (and even change) its contents. This can include those in charge of the servers, the government, and even hackers who intercept the data.

Thankfully, engineers weren’t completely oblivious to this glaring security hole, and they have introduced a number of mechanisms that can be leveraged to protect email.


Who does not support SMTP TLS for Secure Inbound Email Delivery?

Thursday, November 7th, 2013

Note: lists below have been updated as of 9/11/2015.

We are frequently asked how common support for SMTP TLS is for securing inbound email delivery to recipients across the Internet. This is especially important for customers who need to be HIPAA compliant, as email transport encryption over TLS is sufficient for HIPAA compliant communications to end users, so long as the TLS is configured to be sufficiently strong.

While it is possible to tell who supports TLS, it is somewhat technical to do yourself. So, we have assembled a table with many of the popular free / public email domains in use across the Internet and indicated which currently (as of January 14th, 2015) support SMTP TLS for inbound email.

The results are surprising. A majority of domains these days do support TLS, and with Microsoft’s recent TLS implementation on its email domains (hotmail.com/live.com/outlook.com), this rounds out consistent TLS support (for inbound delivery; outbound may or may not be supported) for all of the most popular free email providers (e.g. aol.com, gmail.com, yahoo.com, hotmail.com).
