Security has been one of the main issues the tech world is giving attention to. It has always been an issue, but it has not been as much-talked about as it is today.
With these in mind, plus a concern for its clients’ privacy and a goal of enhancing its consumer’s experience, several of the biggest tech companies have come together to deliver a new email mechanism called Simple Mail Transfer Protocol Strict Transport Security or SMTP SMS.
Engineers from big tech companies have united to improve the security of email traffic traversing throughout the Internet. The result of the gathering, according to PCWorld, is a new mechanism that will allow email providers to define policies and rules for establishing encrypted email communications.
This mechanism has been defined in a published draft last week, which was sent to the Internet Task Force or IETF for consideration as an email standard. According to the posted draft, “SMTP STS is a mechanism enabling mail service providers to declare their ability to receive TLS-secured connections, to declare particular methods for certificate validation, and to request sending SMTP servers to report upon and/or refuse to deliver messages that cannot be delivered securely.”
Digital Trends reports that the new tech is necessary because security standards for emails have largely remained the same for years now. Because of this, most emails are left unencrypted and open to man-in-the-middle or MIM hacks, which can intercept the email and/or change its contents while on the way to its destination.
Emails, when first introduced, has no encryption at all as it only used a Simple Mail Transfer Protocol or SMP. During 2002, an extension STARTTLS was added to upgrade the unencrypted emails to encrypted ones. But this is not enough. However, there were some problems discovered by a research of the companies behind the new protocol.
One of the main problems with the STARTTLS extension is that if anything goes wrong with sending an email while on its way, it gets sent unencrypted by default. The said extension also uses an opportunistic encryption which doesn’t validate a server’s digital certificate. So in the end, if it cannot verify the server’s identity, it still assumes that sending the email in question is still better than nothing.
This results to the MIM vulnerability that enables an attacker to intercept traffic by presenting any certificate. This, in turn, lets the hacker decrypt the email thus leaving it unprotected in the end. With this comes the SMTP SMS as a solution and thus proposed by the tech companies
According to ZDNet, the tech companies involved in the SMTP SMS proposal are Comcast, Google, LinkedIn, Microsoft, Yahoo and 1&1 Mail & Media Development and Technology. The draft of the proposal, which was submitted last Friday, March 18, will expire this coming September 29.
Also Read: Yahoo, Facebook In Tumblr Ad-sale Deal?
For more technology news, you can subscribe to our newsletter. If you are a social media junkie and would like to receive updates on your timeline, then you can also like us on Facebook or follow us on Twitter.