STARTTLS Email Encryption Improperly Configured By Smaller Providers, Say Researchers

Security researchers from the University of Michigan, Google, and the University of Illinois at Urbana-Champaign found that a popular form of encryption between email providers' servers, called STARTTLS, can be easily broken in many parts of the world.

Last year, Google started to encourage other email providers to use the STARTTLS protocol, which encrypts email data when it's sent from one email provider to another in the form of SMTP messages. For this encryption to work, everyone has to use it; otherwise, the email that goes from Google to a provider that doesn't support STARTTLS will travel unencrypted. This can leave users' emails vulnerable to interception by attackers who have network access.

The researchers found that while major providers such as Google, Microsoft and Yahoo have solid encryption and message authentication configurations, the long tail of 700,000 other SMTP email servers out there either have improperly configured encryption or lack authentication altogether. This makes it easy for attackers on the network path to strip STARTTLS from the connection and intercept the messages.

The researchers discovered that only 82 percent of the 700,000 SMTP servers properly configure their encryption, and only 35 percent configure authentication for their email messages. Without authentication, a man-in-the-middle attack could downgrade the encryption to plaintext.
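The fail-open behaviour described above (no STARTTLS keyword in the receiver's EHLO reply, so the sender falls back to plaintext) and the missing certificate validation are easiest to see in code. The following is an added illustration, not code from the researchers or from any mail server: it parses constructed EHLO replies, contrasts the fail-open policy with a fail-closed one, and builds a TLS context that actually authenticates the peer. The host names, the reply text and the optional `ca_bundle` parameter are assumptions made for the example.

```python
import ssl
from typing import Optional

# Constructed EHLO replies standing in for what a sending server sees after
# connecting to a recipient's SMTP port and sending "EHLO sender.example".
# The second one is what the sender sees when the STARTTLS keyword is absent,
# whether because the receiver never offered it or because it was removed
# in transit by someone on the network path.
EHLO_WITH_STARTTLS = (
    b"250-mx.receiver.example Hello sender.example\r\n"
    b"250-SIZE 35882577\r\n"
    b"250-STARTTLS\r\n"
    b"250 8BITMIME\r\n"
)
EHLO_WITHOUT_STARTTLS = (
    b"250-mx.receiver.example Hello sender.example\r\n"
    b"250-SIZE 35882577\r\n"
    b"250 8BITMIME\r\n"
)


def parse_ehlo(reply: bytes) -> dict:
    """Parse a multi-line 250 EHLO reply into {KEYWORD: parameter-string}.

    Lines read "250-KEYWORD params" (more lines follow) or "250 KEYWORD"
    (final line). The first line is the server greeting, not an extension,
    so it is skipped. A non-250 reply means EHLO was rejected.
    """
    lines = reply.decode("ascii", errors="replace").splitlines()
    if not lines or not lines[0].startswith("250"):
        raise ValueError("EHLO rejected or reply malformed: %r" % reply[:40])
    extensions = {}
    for line in lines[1:]:
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            raise ValueError("malformed EHLO line: %r" % line)
        keyword, _, params = line[4:].partition(" ")
        extensions[keyword.upper()] = params
    return extensions


def choose_transport(extensions: dict, require_tls: bool) -> str:
    """Decide what the sending server does after EHLO.

    require_tls=False is the fail-open behaviour the article describes: a
    missing STARTTLS keyword silently leads to plaintext delivery.
    require_tls=True is the fail-closed alternative: the sender refuses to
    deliver in the clear and leaves the message queued instead.
    """
    if "STARTTLS" in extensions:
        return "starttls"
    return "refuse" if require_tls else "plaintext"


def strict_tls_context(ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """TLS context that authenticates the receiving server.

    Most servers in the study skip strict certificate validation; this
    context instead requires a chain to a trusted CA and a hostname match,
    which is what denies a man-in-the-middle the option of presenting an
    arbitrary certificate. ca_bundle (assumed) optionally points at a
    custom trust store; None uses the platform's default store.
    """
    ctx = ssl.create_default_context(cafile=ca_bundle)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def context_is_strict(ctx: ssl.SSLContext) -> bool:
    """True when the context both verifies the chain and checks the hostname."""
    return ctx.check_hostname and ctx.verify_mode == ssl.CERT_REQUIRED


if __name__ == "__main__":
    for name, reply in (("healthy", EHLO_WITH_STARTTLS),
                        ("no STARTTLS", EHLO_WITHOUT_STARTTLS)):
        exts = parse_ehlo(reply)
        print("%-12s fail-open -> %-9s fail-closed -> %s" % (
            name, choose_transport(exts, False), choose_transport(exts, True)))
    print("strict context:", context_is_strict(strict_tls_context()))
```

The two policies differ only when the keyword is missing: the fail-open sender delivers in plaintext, exactly the downgrade the paper measures, while the fail-closed sender refuses. In a real deployment the fail-closed policy is applied per destination (for partners known to support TLS) rather than globally, since many of the 700,000 servers in the long tail would otherwise become unreachable.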

They also found that in seven countries, more than 20 percent of all emails are actively prevented from being encrypted by network attacks. In the most severe case, 96 percent of all email sent from Tunisia to Gmail was downgraded to plaintext.

Of the 877 most common email domains to which Gmail sends email messages, only 58 percent accepted 100 percent of the email messages over TLS encryption. Only 29 percent of the 26,406 inbound email domains encrypted 100 percent of the emails.

The researchers concluded that much of the growth seen in the past year in terms of STARTTLS encryption happened mainly due to the larger providers such as Outlook and Yahoo Mail adopting STARTTLS mid-year. Most of the smaller providers still lag in adopting properly configured and authenticated STARTTLS encryption for email.

"The fail-open nature of STARTTLS and the lack of strict certificate validation reflect the need for interoperability amidst the gradual rollout of secure mail transport, and they embody the old adage that 'the mail must go through,'" said the researchers in the paper. "Unfortunately, they also expose users to the potential for man-in-the-middle attacks, which we find to be so widespread that they affect more than 20% of messages delivered to Gmail from several countries. We hope that by drawing attention to these attacks and shedding light on the real-world challenges facing secure mail, our findings will motivate and inform future research."

______________________________________________________________________

Lucian Armasu joined Tom’s Hardware in early 2014. He writes news stories on mobile, chipsets, security, privacy, and anything else that might be of interest to him from the technology world. Outside of Tom’s Hardware, he dreams of becoming an entrepreneur.


  • igot1forya
    STARTTLS is the SMTP command to engage the TLS encryption layer. TLS is the actual encryption the article references. TLS downgrade attacks are common because email is meant to "just work"; as a result, legacy unencrypted SMTP is used as a backup whenever a server encounters a faulty TLS session or none at all. The best way to avoid these situations is to simply ban non-TLS servers or score their email reputation higher (generating a high level of SPAM bounces) unless they use a TLS-capable smart-host to facilitate their encryption policy if their native server can't do it. It's just lazy to not have TLS.
  • Darkk
    Until TLS and SSL certs are required for ALL e-mail servers, we have to resort to 3rd-party encryption like OpenPGP and Citrix ShareFile.