Security news that informs and inspires

STARTTLS Everywhere Aims to Secure Email on a Large Scale

In an effort to help counter mass surveillance of email traffic through network traffic collection, the EFF is releasing a new toolkit that mail server administrators can use to get STARTTLS up and running on their servers quickly, enabling encrypted connections for email delivery.

The new initiative is called STARTTLS Everywhere and is a companion to EFF’s existing Let’s Encrypt project, which helps site owners obtain digital certificates freely and quickly. STARTTLS Everywhere relies on Let’s Encrypt for certificate issuance and also includes software for admins to run on their mail servers to get STARTTLS enabled.

STARTTLS is an extension of the SMTP mail protocol and is designed to secure email traffic between two servers. If one server is trying to send am email to a second server, the sending server can use STARTTLS to request a secure connection. If the receiving server also supports STARTTLS, the two can then negotiate an encrypted connection, protecting the mail traffic from eavesdropping in transit. STARTTLS does not provide end-to-end encryption, so emails sitting on either the sending or receiving server still can be read by admins or others who can access the servers.

“STARTTLS Everywhere provides software that a sysadmin can run on an email server to automatically get a valid certificate from Let’s Encrypt. This software can also configure their email server software so that it uses STARTTLS, and presents the valid certificate to other email servers. Finally, STARTTLS Everywhere includes a “preload list” of email servers that have promised to support STARTTLS, which can help detect downgrade attacks. The net result: more secure email, and less mass surveillance,” Sydney Li and Jeremy Gillula of the EFF wrote.

"At the very least, we’d like to lower the barriers to entry for running a functional, secure mailserver."

By no means is STARTTLS a solution to all of the security problems with email. It’s designed specifically to allow two servers to negotiate a secure connection, which can help defeat an attacker who is listening in on that connection. But it can’t prevent every kind of network attack and it doesn’t guard against an attacker who has access to one of the mail servers. STARTTLS also can be vulnerable to downgrade attacks, a scenario in which an attacker on the network can intercept one of the unencrypted messages sent during the negotiation process and change it to make it appear that one of the servers doesn’t support STARTTLS. That can cause the email to be sent in the clear, defeating the purpose of STARTTLS.

Many large email providers, including Google, Yahoo, and Apple, support STARTTLS already and they represent a pretty large chunk of email traffic. For organizations that run their own mail servers, STARTTLS Everywhere can be a short bridge to more secure email communications with those services and others that support the protocol. The EFF has put together a policy list of domains that support STARTTLS, too, which can help sysadmins detect downgrade attacks.

Attackers--including intelligence agencies and high-level cybercrime groups--have been known to target the connections between email providers and between a provider’s own data centers in order to collect large volumes of unencrypted messages. Securing those connections is a key way to help make mass surveillance from these classes of attackers more difficult, but it doesn’t make it impossible.

“Email was designed as a federated and decentralized communication protocol. Since then, the ecosystem has centralized dramatically, and it has become exponentially more difficult to run your own mailserver. The complexity of running an email service is compounded by the anti-spam arms race that small mail operators are thrust into. At the very least, we’d like to lower the barriers to entry for running a functional, secure mailserver,” Li, a staff technologust at the EFF, wrote.