Click to Skip Ad
Closing in...
  1. Best Prime Day Apple Deals
    12:00 Deals

    Amazon Prime Day 2021: Best Apple deals

  2. Early Prime Day Deals
    08:06 Deals

    10 incredible early Prime Day deals that are about to end at Amazon

  3. Best Prime Day TV Deals
    16:38 Deals

    Best Prime Day TV deals: Samsung, LG, Vizio, and more

  4. Amazon Deals
    10:32 Deals

    Today’s best deals: Free $15 Amazon credit, early Prime Day deals, first M1 iMac sale, $20 Blink cam, $600 projector for $300, more

  5. Amazon Deals
    07:57 Deals

    10 deals you don’t want to miss on Sunday: Rare Nest Thermostat deal, $6 Kasa smart plugs, Instant Pot accessories, more

Google, Microsoft and others team to make email fully encrypted

March 22nd, 2016 at 11:00 PM
Google Microsoft IETF Email Encryption

When you send an email to someone, it goes through something called Simple Mail Transfer Protocol (SMTP), a standard that was first developed in the 1980s and that lacks the ability to fully encrypt our messages. Because of this, a group of engineers from several different companies — including from Microsoft, Google, Comcast and LinkedIn — are working on a new proposal that would update the standard to ensure full encryption for all email messages.

RELATED: Paris attackers didn’t use encrypted iPhones or Internet services

The proposal, which was submitted recently to the Internet Engineering Task Force (IETF), outlines a new mechanism called Simple Mail Transfer Protocol Strict Transport Security (SMTP STS). Its main goal is to prevent man-in-the-middle attacks that have compromised past efforts at making SMTP a more secure protocol.

The IETF notes that under current protocols, “any attacker who can delete parts of the SMTP session (such as the “250 STARTTLS” response) or who can redirect the entire SMTP session (perhaps by overwriting the resolved MX record of the delivery domain) can perform such a downgrade or interception attack” on any messages sent.

The idea with the new proposal is to give message transfer agents (MTAs) that send emails the ability to watch out for certain red flags that would bounce sent messages back to their recipients if there are hints that they’ve been compromised. It essentially works like this: When you send a message to a destination that supports the new SMTP STS standard, the MTAs will automatically check to see if its destination supports encryption and if it has a valid certificate. In theory, this would prevent the message from being intercepted by a malicious server along the way to its destination, thus blocking attempted man-in-the-middle attacks.

This standard is still just a proposal and there are obviously a lot of details to be worked out before it gets rolled out worldwide. To get more technical details on how it would work, check out the IETF’s full page on it at this link.


Popular News