4

In light of recent news about some flaws in PGP standard, I (a non-PGP user) started to think how secure are regular e-mails these days.

I have found the STARTTLS Everywhere project, and they have a very worrying warning:

Most email transferred between SMTP servers (aka MTAs) is transmitted in the clear and trivially interceptable. Encryption of SMTP traffic is possible using the STARTTLS mechanism, which encrypts traffic but is vulnerable to trivial downgrade attacks.

Does it still hold true to this day? Is "regular" e-mail still going back and forth in plaintext?

Edit: my question is different from How (in)secure is POP/IMAP/SMTP because that question is focused on e-mail retrieval by final user. My focus here is on SMTP server to SMTP server communication.

Guest
  • 41
  • 2
  • 1
    Possible duplicate of [How (in)secure is POP/IMAP/SMTP](https://security.stackexchange.com/questions/51552/how-insecure-is-pop-imap-smtp) – SomeGuy May 18 '18 at 17:18
  • That question was from 4 years ago. Is it still considerate a duplicate? – Guest May 18 '18 at 17:23
  • Yes. Not much has changed since then regarding protocols. – SomeGuy May 18 '18 at 18:18
  • 1
    @SomeGuy: ok, but in meantime I found a more fundamental difference between the questions. I edited my post to highlight it. – Guest May 18 '18 at 18:34

1 Answers1

3

First, end-to-end decryption offered by PGP and S/MIME and hop-by-hop encryption provided by SMTP STARTTLS and the TLS use in IMAP and POP are totally different things. With end-to-end encryption the mail is encrypted by the sender and decrypted by the final recipient. With hop-by-hop encryption instead the mail is only encrypted during transit from one mail server to the next, which means it is accessible in plain on each mail server involved and it is also stored in plain at the providers mail server where it then gets retrieved using POP or IMAP.

That said, there are some kind of recent statistics about how much STARTTLS for SMTP is supported in practice:

While these statistics describe how much mail servers support receiving mail bei TLS they don't say how much mail is actually delivered by TLS. There are some interesting statistics from Google which describe how much TLS is used for incoming and outgoing mails from them. It shows for example that at the beginning of 2016 about 60% of incoming traffic was using TLS, beginning of 2017 already 80% and now about 92%. The current number for outgoing mails is around 88%. The last number means that for 12% of the recipients their mail server does not support TLS.

To get some real-life statistics of my own I had a look of some mails I have collected within the last 3 years, about 300.000 non-spam mails and about the same number of spam mails. From the non-spam mails around 77% where delivered with TLS while with spam mails this number was 42%. When only looking at the mails from this year 87% of incoming non-spam mails used TLS while only 53% of spam mails.

Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424
  • In your last paragraph, how did you determine some of your mail did not use TLS between the sending mail server and your receiving mail server? Mail Headers? Or am I over looking something – pm1391 May 18 '18 at 21:38
  • 1
    @pm1391: I've looked at the Received header which include TLS information in case TLS is used, at least for the mail server for the specific domain I've looked at. – Steffen Ullrich May 19 '18 at 03:31
  • And google recently started to send reports as explained on https://tools.ietf.org/html/rfc8460#section-4 this allows them to warn other parties when they tried to send emails to them using TLS and it failed for some reasons which could help pinpoint either configuration errors or various attacks. – Patrick Mevzek Apr 24 '19 at 05:52