Technology content trusted in North America and globally since 1999
8,255 Reviews & Articles | 62,631 News Posts

Microsoft, Google, Yahoo, Comcast working on better email encryption

Quite a few big companies and private researchers have proposed a protocol to make email a little more secure than it already is, which isn't at all
By: Jeff Williams | Hacking & Security News | Posted: Mar 21, 2016 10:03 pm

Encryption is a very pertinent issue in the modern age. We're at an impasse where certain individuals and groups would rather encryption be the stuff of history, perhaps even segregating encryption strengths like was common during the 80's and 90's. Email encryption isn't exactly the easiest thing to setup and requires a bit of preparation to do right. It can be cumbersome even to those that know what they're doing. A group of tech companies and independent researchers have gotten together to help make encryption of your emails easier, and much more seamless.




The new protocol that has been proposed is called SMTP STS, or Simple Mail Transfer Protocol Strict Transport Security, and is designed to ensure a secure, encrypted connection with email servers. It's not a method of encrypting your emails themselves, which would be best served by any free, or paid, PGP solution, but it adds a measure of security to email that helps to make sure that you're messages are at leat going through real, authentic mail servers to get to their destination.


What it does is talk those email servers that it's traveling through to determine whether or not the connection is secure and that it's who they say they are. If the server can be authenticated (through the use of certificates and a TLS encryption-based connection), then your message will pass along, knowing that at least that server is legit. If no encryption can be used, then there's the option that the message won't be sent.


It doesn't sound like much at first, but it'll help prevent some man-in-the-middle attacks from stealing your email, and each hop should theoretically be sent with TLS encryption. Combined with a good PGP plugin, a provider that encrypts your data at rest and MFA, and you've got a very secure communication system. This is only a draft at the moment, but if it gets ratified, then email will be that much more secure.


Related Tags

Got an opinion on this news? Post a comment below!