Email security

In 1982, when SMTP was first specified, it did not contain any mechanism for providing security at the transport level to secure communications between mail transfer agents.

Later, in 1999, the STARTTLS command was added to SMTP that in turn supported the encryption of emails in between the servers, providing the ability to convert a non-secure connection into a secure one that is encrypted using TLS protocol.

However, encryption is optional in SMTP, which implies that emails can be sent in plaintext. Mail Transfer Agent-Strict Transport Security (MTA-STS) is a relatively new standard that enables mail service providers the ability to enforce Transport Layer Security (TLS) to secure SMTP connections and to specify whether the sending SMTP servers should refuse to deliver emails to MX hosts that that does not offer TLS with a reliable server certificate. It has been proven to successfully mitigate TLS downgrade attacks and Man-in-the-Middle (MitM) attacks.

SMTP TLS Reporting (TLS-RPT) is a standard that enables reporting issues in TLS connectivity experienced by applications that send emails and detect misconfigurations. It enables the reporting of email delivery issues that…

http://feedproxy.google.com/~r/TheHackersNews/~3/6N4bDCgObX0/enhancing-email-security-with-mta-sts.html

Leave a Reply