Internet companies want to improve email security via smtp

Spread the love

Several companies, including Google, Yahoo and LinkedIn, have submitted proposals to the Internet Engineering Taskforce to improve email security. They propose an alternative to the inadequate starttls protocol extension.

The proposal highlights several problems with current e-mail traffic. This is currently done via the SMTP protocol from 1981, which does not authenticate senders and does not encrypt messages by default. This is apparent from a study by Google and two American universities. Later, security capabilities were added to the protocol, such as starttls, spf, dkim, and dmarc.

The implementation of these protocol extensions is completely voluntary, according to the researchers, leading to a ‘patchwork of security measures’. One of the findings of the study was that of the 700,000 smtp servers, which are related to the most popular 1 million websites according to Alexa, 82 percent support TLS and only 35 percent are properly configured to support server authentication. Google itself reports that 83 percent of outgoing and 69 percent of incoming Gmail messages are encrypted.

The proposal, which comes from Google, Comcast, LinkedIn, Yahoo, Microsoft and 1&1 Mail & Media Development, addresses the shortcomings of the starttls introduced in 2002. This works by establishing an smtp connection to a server and then initiating an encrypted tls connection via a handshake with the starttls command. However, a server is not authenticated and if there is no starttls support, the message is sent unencrypted.

According to the proposers of the proposal, it is these two facts that are the source of the system’s shortcomings. For example, a downgrade attack would allow an attacker to remove the starttls portion of an smtp session, leaving communication unencrypted, even though both parties might support tls. In addition, the lack of authentication allows an attacker to impersonate the recipient’s mail server, for example by spoofing the dns-mx record.

According to the submitters, the solution lies in a new system, called smtp sts or smtp strict transport security. This should make it possible for a domain to indicate in advance whether an mta, such as a mail server, supports tls and which security policy is applied. As a result, it must be possible, for example, to prevent a downgrade attack.

Also, smtp sts must ensure that a server can be authenticated. Finally, it is also possible to set up a policy if a tls connection cannot be established. In that case, the proposal prefers to regard the sending of the mail as a failure. There is provision for reporting such incidents.

A reference implementation of smtp sts is available on GitHub. This is maintained by two employees of 1&1 Mail & Media Development who were also involved in the submitted proposal.

simplified representation of how the current smtp process works

You might also like
Exit mobile version