In the US, opening mail addressed to someone else is a federal crime. Unfortunately, although emails are just as important as, and a lot more popular than, regular mail, they don't fall under the same jurisdiction, so there have been more than a few cases in which hackers were able to intercept and read their victims' emails. Microsoft, Google, Yahoo and others want to put a new security mechanism in place to fix this issue and make Internet email traffic a lot safer.
The recently published SMTP Strict Transport Security standard is a new mechanism that will make it easy for those who provide email services to create policies and rules for encrypted email communications. For those of you who aren't that tech-savvy: when it was first created in 1982, the Simple Mail Transfer Protocol, or SMTP for short, didn't provide any kind of encryption capabilities. In 2002, recognizing the need for security, email engineers came up with the STARTTLS protocol, which allowed email providers to add Transport Layer Security, or TLS, to SMTP. However, STARTTLS doesn't validate security certificates, which makes it very vulnerable to man-in-the-middle attacks as well as to encryption downgrade attacks, so there was a dire need for a new security mechanism.
The new SMTP STS protocol that was developed by Microsoft, Google, Yahoo, 1&1 Mail & Media Development & Technology, Comcast and LinkedIn solves all the previously mentioned issues, so I'm hoping that it will be accepted worldwide as soon as possible.
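The gap between opportunistic STARTTLS and an enforced policy can be shown with a small model of a sending mail server's delivery decision. This is an added example, not code from the standard or from any mail provider; the `strict` flag, the function names and the EHLO replies are constructed for illustration and do not reflect the actual SMTP STS policy format.

```python
from enum import Enum


class Outcome(Enum):
    PLAINTEXT = "delivered in cleartext"
    TLS_UNVERIFIED = "delivered over TLS, certificate not verified"
    TLS_VERIFIED = "delivered over TLS, certificate verified"
    REFUSED = "delivery refused, message stays queued"


def ehlo_extensions(reply):
    """Parse a multi-line SMTP EHLO reply (250-... / 250 ...) into keywords."""
    exts = set()
    for line in reply.strip().splitlines()[1:]:   # first line names the server
        words = line[4:].split()
        if line[:3] == "250" and words:
            exts.add(words[0].upper())
    return exts


def decide(reply, cert_valid, strict):
    """strict=False models opportunistic STARTTLS.
    strict=True models an assumed policy that demands TLS with a valid
    certificate (hypothetical flag, not the real policy syntax)."""
    if "STARTTLS" not in ehlo_extensions(reply):
        # The sender cannot tell a server without TLS from a tampered reply.
        return Outcome.REFUSED if strict else Outcome.PLAINTEXT
    if cert_valid:
        return Outcome.TLS_VERIFIED
    return Outcome.REFUSED if strict else Outcome.TLS_UNVERIFIED


# Constructed EHLO replies: as sent by the server, and the same reply
# arriving with the STARTTLS line missing (the downgrade case).
HONEST = "250-mx.example.net\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME"
DOWNGRADED = "250-mx.example.net\r\n250-SIZE 35882577\r\n250 8BITMIME"

if __name__ == "__main__":
    cases = [("honest", HONEST, True), ("downgraded", DOWNGRADED, True),
             ("bad cert", HONEST, False)]
    for name, reply, cert in cases:
        for strict in (False, True):
            result = decide(reply, cert, strict).value
            print(f"{name:10} strict={strict!s:5} -> {result}")
```

In the opportunistic rows the message still goes out in the downgraded and bad-certificate cases; with the strict flag set, both are refused instead.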
If Internet security is one of the topics you're interested in, you might also enjoy reading some of our previous stories, such as "The Tor browser - a novice's guide" or "All you need to know about Google's authentication methods".