Okay, I don't really mean to advocate this as a privacy solution because
it is and it isn't. If you truly want privacy of your email you
mustuse end-to-end encryption like PGP/GnuPG or S/MIME. That said,
I think it's good to encrypt things, even ciphertext, over the network.
So STARTTLS for SMTP is a good start.
What, exactly, is STARTTLS? Well, it's an opportunistic protocol that
goes out and asks a server in which I want to talk with if it supports
encryption. If it does then we negotiate the terms (ciphers, keys,
certs) and then we establish a circuit and exchange the information. If
it doesn't support encryption I just skip the setup of the encrypted
circuit and transmit the data in the clear. Yeah, not a great solution
and I really hate the thought of STARTTLS as it isn't a guarantee that
the data transferred will be encrypted (unlike, say, HTTPS).
Earlier today Kurt pointed me at a study done by Facebook. Yeah,
everyone knows I hate FB but really they are in a great position to do
such a study. According to their
study,
"Facebook sends several billion emails to several million domains every
day". Okay, that's a lot of email. And with that amount of exposure to
the worlds' SMTP servers I'm guessing they've hit most of the servers
out there. Turns out 76% of those servers support STARTTLS and most
actually use a good cipher suite and
PFS.
Unfortunately it appears that most mail is routed to providers that
aren't supporting good crypto suites. The report doesn't name them so I
figured I'd go out and see if I could find some of the deficient setups.
The obvious first choice was Google's Gmail. As long as the incoming
server connects to port [STRIKEOUT:465] 587* they should get an
encrypted circuit supporting TLSv1.2 protocol with a cipher of
ECDHE-RSA-AES128-GCM-SHA256. Great, I have no complaints here. Hmmm,
so who is next? I guess Hotmail is still a biggie and Microsoft does
have all those B2B services as well. It seems TLSv1.2 with a cipher of
ECDHE-RSA-AES256-SHA384 is being used on at least some of their SMTP
servers. What's next? Ahh, yes, Yahoo! is still in business (although
I seriously don't know how). Yahoo! just implemented encrypted
connections for their webmail users so clearly they should have fixed
their backend connections as well, correct? Well, they are the first to
make my bad list by using the TLSv1 protocol with the cipher of
RC4-SHA. Come on guys, get it together! Let me see what my provider,
Bluehost, is doing here. It appears that, like Google, they support
TLSv1.2 and are using the cipher of DHE-RSA-AES256-GCM-SHA384. Again, a
great choice (although the AES256 is a bit much but that's a different
post all together).
I might, one day, setup a scanner to more thoroughly collect this data
and make it available in more real-time but for now I think the Facebook
data is awesome and quite timely.
*As was pointed out in the comments port 587 is a user port and is used
for authenticated SMTP access from clients. Once the SMTP server has
the message to be delivered the server will connect over to the distant
SMTP server over port 25 unauthenticated. Port 25 can be just plaintext
or can use STARTTLS. As an aside, why port 25 outbound (and inbound?)
is blocked for many residential customers is because it is
unauthenticated and a present a good entry point for spam.