The Current State of TLS over SMTP?

Michael Adkins, Mail Integrity Engineer at Facebook summarizes it thusly:

"STARTTLS encryption is widely supported and has achieved critical mass despite some issues with certificate management. A system deploying STARTTLS support for the first time can expect more than half of its outbound email to be encrypted. Also, the majority of deployments provide Perfect Forward Secrecy. We see two high priority areas for improvement. First, we encourage the industry to work together to develop better tools for preventing mismatched certificates. Second, we encourage everyone to deploy support for opportunistic encryption via STARTTLS."

TL;DR? Turn on opportunistic TLS, and if your results are like Facebook's results, at least half of the time your mail will be encrypted in transit. This is a very good thing, and adoption is only going to grow, especially when you've got a big site like Facebook who sends a lot of mail, helping to gently nudge folks in the right direction.

Want to learn more? Steve Atkins explains how to Protect your email with TLS over at Word to the Wise.
Post a Comment