EFF's STARTTLS Everywhere aims to protect email in transit

The Electronic Frontier Foundation this week unveiled STARTTLS Everywhere, a new initiative that aims to secure email in transit by encrypting messages as they hop from one email server to the next as they are delivered.

STARTTLS Everywhere aims to promote and improve the use of STARTTLS, a service extension for the Simple Mail Transfer Protocol that was defined in RFC 3207, "SMTP Service Extension for Secure SMTP over Transport Layer Security," and published in 2002. When a mail server initiates a connection with another SMTP server, it can demand to negotiate the use of encryption and authentication using the Transport Layer Security protocol.

Sydney Li, staff technologist at the Electronic Frontier Foundation (EFF), and Jeremy Gillula, tech policy director at EFF, wrote in the blog post announcing the new initiative that because most email traffic is still being sent in the clear, "without encryption, government agencies that perform mass surveillance, like the NSA [National Security Agency], can easily sweep up and read everyone's emails -- no hacking or breaking encryption necessary."

Invoking STARTTLS means mail servers can negotiate encryption and authentication mechanisms for their traffic. This means "network observers gobbling up worldwide information from Internet backbone access points (like the NSA or other governments) won't be able to see the contents of messages while they're in transit, and will need to use more targeted, low-volume methods," they wrote.

Using STARTTLS can protect the integrity of email messages by preventing third parties from scanning plain text messages when they are forwarded by routers as they traverse the internet between mail servers, as well as requiring that servers authenticate mail transmissions.

Even though most email servers already support STARTTLS, the ecosystem for hop-to-hop email encryption is flawed, according to the EFF, starting with the fact that most servers that support STARTTLS do not validate the certificates used to encrypt and authenticate transmissions.

The first thing that needs to be done is to ensure that their STARTTLS configuration is working as intended. All too often, we see poorly configured implementations that offer no additional security and actually increase the attack surface for threat actors.

"Without certificate validation, an active attacker on the network can get between two servers and impersonate one or both, allowing that attacker to read and even modify emails sent through your supposedly 'secure' connection. Since it's not common practice for emails (sic) servers to validate certificates, there's often little incentive to present valid certificates in the first place," Li and Gillula wrote. "As a result, the ecosystem is stuck in a sort of chicken-and-egg problem: no one validates certificates because the other party often doesn't have a valid one," and mail servers keep using invalid certificates because they are never validated.

Another problem with STARTTLS is the request to initiate an encrypted channel is sent in the clear, meaning a malicious actor can scan for such requests and block them. The result of this downgrade attack is the request is never seen by the recipient server, so the communication channel is left unencrypted.

The focus of the STARTTLS Everywhere initiative is to encourage widespread adoption of the protocol to help secure email in transit. "STARTTLS protects against attackers snooping on email traffic between servers and attacks that make the malicious mail servers appear authentic," said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi, based in Salt Lake City.

Steps to support STARTTLS Everywhere

In addition to making sure email servers are properly configured to support STARTTLS, the EFF recommended email administrators get valid certificates on their mail servers and configure them to validate the certificates of other servers with which they communicate. As part of the STARTTLS Everywhere initiative, the EFF offers software that can get a valid certificate from Let's Encrypt automatically, and then step through email server configuration to begin using STARTTLS properly.

The other key action enterprises can take is to add their STARTTLS-compliant mail servers to the EFF's policy list of servers "that we know support STARTTLS," Li wrote in a technical deep-dive post. "This list acts essentially as a preload list of MTA-STS security policies. We've already preloaded a select number of big-player email domains, like Gmail, Yahoo, and Outlook."

Justin Jett

Justin Jett, director of audit and compliance for Plixer LLC, a network traffic analysis company based in Kennebunk, Maine, said STARTTLS Everywhere is an important step to securing email, but it is not sufficient. Organizations should also consider supporting the Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol to do email validation in order to detect and prevent email spoofing, Jett said.

"DMARC allows domain owners to control where email can be sent, as well as sign emails as they are sent. This allows recipient email servers to verify that an email coming from example.com is actually sent from an authorized server or service," he said via email.

Ed Williams, director of SpiderLabs at Trustwave, based in Chicago, said companies participating in the STARTTLS Everywhere initiative need to start by looking at their own servers.

"The first thing that needs to be done is to ensure that their STARTTLS configuration is working as intended. All too often, we see poorly configured implementations that offer no additional security and actually increase the attack surface for threat actors," Williams said via email.

Williams added that STARTTLS Everywhere is not a complete answer for securing email.

"It's important to understand that STARTTLS is not a silver bullet for email security; it looks to address the issue of integrity and confidentiality. If correctly configured, having STARTTLS will mitigate the ability to trivially collect emails from passively monitoring the packets as they traverse the network."