Does the "Massive Growth in SMTP STARTTLS Deployment" decrease SPAM filtering efficiency?

1

https://www.facebook.com/notes/protect-the-graph/massive-growth-in-smtp-starttls-deployment/1491049534468526

When we posted in May about the state of STARTTLS deployment, we had no idea
that we would see such significant changes to email encryption across the
industry in just a few short months. We previously reported that only 28.6% of
our outbound notification emails were successfully encrypted and passed strict
certificate validation (58% if you count opportunistic encryption). Since
STARTTLS encryption requires both sides to deploy it, we encouraged others to
take the next step. As a result of recent changes by major providers, most
notably Microsoft and Yahoo, 95% of our notification emails are now successfully
encrypted with both Perfect Forward Secrecy and strict certificate validation.


Question: Does the good (more encrypted mail) have a bad impact on SPAM filtering?

somelooser28533

Posted 2014-08-22T09:19:42.937

Reputation: 111

Nothing Unix/Linux specific about this. security.SE would be more appropriate. – sch – 2014-08-22T10:38:40.277

Answers

5

SMTP STARTTLS is transport encryption. That is, it encrypts the connection between two mail servers as they relay mail. It does not encrypt the mail stored on the servers.

Basically, email travels across the Internet similar to this:

Your mail client ---SMTP--> your ISP's mail server
your ISP's mail server ---SMTP---> recipient's ISP's mail server
recipient's ISP's mail server ---POP3/IMAP---> recipient's mail client

Your ISP may actually have a few mail servers the email traverses, so too might the recipient's. And of course if one of the mail clients involved is webmail (e.g., GMail), then there may well be other protocols involved.

The least-secure part of this is when the mail is being sent between your ISP's server and the recipient's ISP's server. That was, traditionally, a completely un-encrypted connection across the Internet. The graph in your question is about securing that connection.

It's very similar to when you access a secure web page; the un-encrypted (cleartext) version exists on your computer and the web server, it's just encrypted for its travel across the Internet. Similarly, the cleartext version of the email exists on all the mail servers, it's just encrypted to travel across the Internet.

Spam filtering has always been done on the cleartext version, and STARTTLS does not change that.

Encryption with GnuPG or S/MIME, on the other hand, encrypts the message before it leaves your machine. Then none of the mail servers have access to the cleartext, and hence that would impact spam filtering. Note that while STARTTLS encrypts the entire SMTP session (including the sender and recipient addresses), GnuPG and S/MIME do not; they need to be in cleartext, otherwise the mail servers wouldn't know where to send the mail.

derobert

Posted 2014-08-22T09:19:42.937

Reputation: 3 366

Some firewalls/UTMs with deep packet inspection filter spam on the fly before it reaches the mail server. – sch – 2014-08-22T10:37:31.940

@StéphaneChazelas The spam firewalls I've used before act as an SMTP relay, e.g., you put them in your MX records, and they forward on the filtered email. So they'd be the endpoint for STARTTLS. – derobert – 2014-08-22T10:39:24.917

STARTTLS encrypts the entire SMTP transaction, including envelope data. It follows that without some way for the server to analyze the cleartext data, it would be impossible to even deliver the message in the first place, since both sender and recipient are properties of the envelope, not the message itself (though often derived from the message's headers). – a CVn – 2014-08-22T11:19:33.753

@MichaelKjörling that's a good point, I'll edit to make it clear it differs from GPG in that way. – derobert – 2014-08-22T11:20:59.830
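The following is an added example, not code from the answer above or from any of the projects mentioned, to make the distinction concrete: after a STARTTLS session is decrypted, a relaying server holds the full cleartext (envelope, headers and body) and can run a content filter on all of it; with end-to-end encryption in the RFC 3156 PGP/MIME layout the relay still sees the envelope and headers (it has to, in order to route the mail) but the body is an opaque blob, so the filter has far less to work on. Both sample messages, the envelope addresses, the ciphertext block (a placeholder, not real OpenPGP output) and the tiny word-list scorer are constructed for this illustration.

```python
"""What a relaying MTA can inspect: STARTTLS-only vs. PGP/MIME (added example)."""
from email import message_from_string, policy

# Constructed sample: the message as it sits on a relay once the STARTTLS
# session has been decrypted. Envelope, headers and body are all cleartext.
PLAIN_MSG = """\
From: promo@example.test
To: alice@example.org
Subject: You WON a FREE prize!!!
Content-Type: text/plain; charset=us-ascii

Click now to claim your FREE prize. Limited time offer!!!
"""

# Constructed sample in the RFC 3156 PGP/MIME layout. The headers are still
# cleartext (the relay needs them to deliver the mail), but the body part is
# ciphertext. The armored block is a placeholder, not real OpenPGP output.
PGP_MIME_MSG = """\
From: promo@example.test
To: alice@example.org
Subject: You WON a FREE prize!!!
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
 boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1
--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
hQEMA0lCQW5jZXhhbXBsZQEH/placeholder-ciphertext-not-real
-----END PGP MESSAGE-----
--b1--
"""

# Toy keyword list standing in for a real content filter (constructed).
SPAM_WORDS = ("free", "prize", "click now", "limited time")


def relay_view(raw, envelope_from, envelope_to):
    """Return what a relay can see of a message it is about to forward.

    The SMTP envelope (MAIL FROM / RCPT TO) and the headers are always
    cleartext on the relay. The body is cleartext unless the message is
    end-to-end encrypted, in which case it is reported as None (opaque).
    """
    msg = message_from_string(raw, policy=policy.default)
    if msg.get_content_type() == "multipart/encrypted":
        body = None  # RFC 3156: the relay only holds ciphertext here
    else:
        body = msg.get_body(preferencelist=("plain",)).get_content()
    return {
        "envelope": (envelope_from, envelope_to),
        "headers": {k: str(msg[k]) for k in ("From", "To", "Subject")},
        "body": body,
    }


def spam_score(view):
    """Count keyword hits in whatever cleartext the relay actually has."""
    text = " ".join(view["headers"].values())
    if view["body"] is not None:
        text += " " + view["body"]
    text = text.lower()
    return sum(text.count(word) for word in SPAM_WORDS)


if __name__ == "__main__":
    for label, raw in (("STARTTLS-only", PLAIN_MSG), ("PGP/MIME", PGP_MIME_MSG)):
        view = relay_view(raw, "promo@example.test", "alice@example.org")
        print(label, "body visible:", view["body"] is not None,
              "score:", spam_score(view))
```

Running it shows the STARTTLS-only message scoring on both subject and body, while the PGP/MIME message scores only on the subject line: the transport encryption has no effect on what the filter sees, the end-to-end encryption removes the body from its view entirely.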

1

SPAM and encryption are completely unrelated.

The post basically just says that the number of mailservers accepting STARTTLS has increased, which results in more emails being sent encrypted.

You can now figure that most spammers won't bother to use encryption, but that would only have an impact if said mailservers would not relay unencrypted mail.

I imagine that virtually all of these mailservers do still support unencrypted transmissions.

Jan

Posted 2014-08-22T09:19:42.937

Reputation: 1 777