SMTP STS: For decades, e-mail has relied on the ancient SMTP transport technology. The majority of e-mails sent in plain text, without encryption over the Internet, use the SMTP protocol, yet we still entrust it with some of our most private conversations.
The newer SMTP STARTTLS protocol was devised many years ago to fix the ancient SMTP, but it failed to be widely adopted because it was full of imperfections and could not ensure that messages were actually encrypted.
However, a new proposal was submitted to the Internet Engineering Task Force on Friday. It was developed by engineers from Google, Yahoo, Comcast, Microsoft, LinkedIn and 1&1 Mail & Media Development.
It proposes a secure path for e-mail in transit, protected from intruders trying to monitor or modify e-mails during transfer, whether by mimicking the destination server or by breaking SSL encryption through various existing attacks.
The idea is simple: when an e-mail is sent to a domain that supports SMTP STS, the sender automatically checks whether the destination supports encryption and whether its certificate is valid before sending, to make sure it is "talking" to the right server.
If the certificate is invalid, the e-mail is not delivered and a notification tells the user the reason. The proposal contains many technical details on how this would work in practice (see the link at the end of this article).
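The sender-side behaviour described above, as an added Python example that is not taken from the proposal: refuse delivery, with a reason, when the destination offers no encryption or presents an invalid certificate, instead of falling back to plain text. The names `open_strict_session` and `DeliveryRefused` and the `smtp_factory` parameter are assumptions for illustration, and the example does not cover how the draft publishes or discovers a domain's policy.

```python
import smtplib
import ssl


class DeliveryRefused(Exception):
    """Raised instead of falling back to plain text; carries the reason for the user."""


def open_strict_session(mx_host, port=25, smtp_factory=smtplib.SMTP, timeout=15):
    """Return an encrypted, authenticated SMTP session to mx_host, or refuse.

    smtp_factory is a hypothetical injection point so the check can be
    exercised offline; by default it is the real smtplib.SMTP.
    """
    # The default context verifies the certificate chain against the system
    # CA store and checks that the certificate matches mx_host.
    context = ssl.create_default_context()
    conn = smtp_factory(mx_host, port, timeout=timeout)
    try:
        conn.ehlo()
        if not conn.has_extn("starttls"):
            # An opportunistic sender would continue in plain text here.
            raise DeliveryRefused(f"{mx_host} does not offer STARTTLS")
        try:
            conn.starttls(context=context)
        except ssl.SSLCertVerificationError as exc:
            raise DeliveryRefused(f"{mx_host} certificate invalid: {exc}")
        except (ssl.SSLError, smtplib.SMTPException) as exc:
            raise DeliveryRefused(f"{mx_host} TLS negotiation failed: {exc}")
        conn.ehlo()  # capabilities must be re-read inside the TLS session
        return conn
    except Exception:
        conn.close()  # never leave a half-negotiated session open
        raise
```
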
At the moment, this is only a proposal, and it will probably take a long time to become a reality (if ever).
We hope that with the support of some of the world's largest technology companies, it will become a reality.
SMTP Strict Transport Security