STARTTLS for SMTP
Thu 15 May 2014
Okay, I don't really mean to advocate this as a privacy solution because it is and it isn't. If you truly want privacy of your email you mustuse end-to-end encryption like PGP/GnuPG or S/MIME. That said, I think it's good to encrypt things, even ciphertext, over the network. So STARTTLS for SMTP is a good start.
What, exactly, is STARTTLS? Well, it's an opportunistic protocol that goes out and asks a server in which I want to talk with if it supports encryption. If it does then we negotiate the terms (ciphers, keys, certs) and then we establish a circuit and exchange the information. If it doesn't support encryption I just skip the setup of the encrypted circuit and transmit the data in the clear. Yeah, not a great solution and I really hate the thought of STARTTLS as it isn't a guarantee that the data transferred will be encrypted (unlike, say, HTTPS).
Earlier today Kurt pointed me at a study done by Facebook. Yeah, everyone knows I hate FB but really they are in a great position to do such a study. According to their study, "Facebook sends several billion emails to several million domains every day". Okay, that's a lot of email. And with that amount of exposure to the worlds' SMTP servers I'm guessing they've hit most of the servers out there. Turns out 76% of those servers support STARTTLS and most actually use a good cipher suite and PFS. Unfortunately it appears that most mail is routed to providers that aren't supporting good crypto suites. The report doesn't name them so I figured I'd go out and see if I could find some of the deficient setups.
The obvious first choice was Google's Gmail. As long as the incoming server connects to port [STRIKEOUT:465] 587* they should get an encrypted circuit supporting TLSv1.2 protocol with a cipher of ECDHE-RSA-AES128-GCM-SHA256. Great, I have no complaints here. Hmmm, so who is next? I guess Hotmail is still a biggie and Microsoft does have all those B2B services as well. It seems TLSv1.2 with a cipher of ECDHE-RSA-AES256-SHA384 is being used on at least some of their SMTP servers. What's next? Ahh, yes, Yahoo! is still in business (although I seriously don't know how). Yahoo! just implemented encrypted connections for their webmail users so clearly they should have fixed their backend connections as well, correct? Well, they are the first to make my bad list by using the TLSv1 protocol with the cipher of RC4-SHA. Come on guys, get it together! Let me see what my provider, Bluehost, is doing here. It appears that, like Google, they support TLSv1.2 and are using the cipher of DHE-RSA-AES256-GCM-SHA384. Again, a great choice (although the AES256 is a bit much but that's a different post all together).
I might, one day, setup a scanner to more thoroughly collect this data and make it available in more real-time but for now I think the Facebook data is awesome and quite timely.
*As was pointed out in the comments port 587 is a user port and is used for authenticated SMTP access from clients. Once the SMTP server has the message to be delivered the server will connect over to the distant SMTP server over port 25 unauthenticated. Port 25 can be just plaintext or can use STARTTLS. As an aside, why port 25 outbound (and inbound?) is blocked for many residential customers is because it is unauthenticated and a present a good entry point for spam.