
How Secure is the Email Connection from End to End

Background

There is a perception that email is somehow not secure end to end, and that a hacker could sniff the email packets in transit.

Solution

Most email servers, hosted ones especially, implement Transport Layer Security (TLS), a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible.

In particular, most mail providers use the opportunistic TLS approach.

The standard form of TLS for email is called “opportunistic TLS”, and it works by securing email wherever possible. Opportunistic TLS uses an SMTP extension called STARTTLS to send a request from the sender’s server to the recipient’s server. This initiates a handshake protocol to create the conditions necessary to exchange encryption keys and establish an encrypted tunnel that ensures the email is sent safely and securely.

Where the target mail server does not support TLS, however, a sender’s server using opportunistic TLS prioritizes delivery and falls back to an unencrypted channel to deliver the email.




As a method of encryption, opportunistic TLS is suitable for a world where usability and expedience are the priorities of email users. It means accepting the elevated security risk of sending some emails unencrypted in exchange for reducing the chance of a message not being delivered.

Put simply: with opportunistic TLS, delivery is more important than security. For instance, you sometimes need to deliver messages from old printers that do not have TLS configured.

There is another approach called forced TLS, which is the opposite of opportunistic TLS. With forced TLS, the email can only be sent when the recipient email domain is authenticated as a trusted source. If the secure tunnel can’t be established, the email simply won’t be sent at all. Put simply: with forced TLS, security is more important than delivery.

As most servers use TLS nowadays, we could say the chance of getting sniffed is pretty tiny. However, the perception that email is somehow not secure is still correct, because some email providers implement opportunistic TLS so that they can send and receive emails without blocking them.
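To check which hops of a delivered message actually used TLS, you can read its Received headers: the protocol keywords ESMTPS and ESMTPSA (RFC 3848) mark a session secured with STARTTLS. The script below is an added example, not part of the original article; the sample message and its hostnames are constructed, and each header is self-reported by the server that wrote it.

```python
import re
from email import message_from_string

# Constructed sample message: hostnames, addresses and ids are made up.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby inbox.example.org with ESMTPS id abc123; Mon, 1 Jan 2024 10:00:02 +0000
Received: from relay.example.com (relay.example.com [192.0.2.5])
\tby mx.example.net with ESMTP id def456; Mon, 1 Jan 2024 10:00:01 +0000
Received: from printer.lan (printer.lan [10.0.0.7])
\tby relay.example.com with SMTP id ghi789; Mon, 1 Jan 2024 10:00:00 +0000
From: scanner@example.com
Subject: Scanned document

body
"""

# Clauses of a Received header (RFC 5321): "from X by Y with PROTOCOL".
FROM_RE = re.compile(r"^\s*from\s+(\S+)", re.IGNORECASE)
BY_RE = re.compile(r"\bby\s+(\S+)", re.IGNORECASE)
WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9]+)", re.IGNORECASE)
# RFC 3848 keywords for STARTTLS sessions, plus the RFC 6531 UTF8 variants.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA"}

def audit_hops(raw_message):
    """Return hops oldest-first as (sender, receiver, protocol, encrypted)."""
    msg = message_from_string(raw_message)
    hops = []
    # Each server prepends its own header, so reverse to get delivery order.
    for header in reversed(msg.get_all("Received", [])):
        text = " ".join(header.split())  # unfold continuation lines
        sender, receiver = FROM_RE.search(text), BY_RE.search(text)
        proto = WITH_RE.search(text)
        name = proto.group(1).upper() if proto else "UNKNOWN"
        hops.append((sender.group(1) if sender else "?",
                     receiver.group(1) if receiver else "?",
                     name, name in TLS_PROTOCOLS))
    return hops

def plaintext_hops(raw_message):
    """Hops that reported no TLS, e.g. where opportunistic TLS fell back."""
    return [hop for hop in audit_hops(raw_message) if not hop[3]]

if __name__ == "__main__":
    for sender, receiver, proto, enc in audit_hops(SAMPLE):
        status = "TLS" if enc else "no TLS reported"
        print(f"{sender} -> {receiver}: {proto} ({status})")
```

In the sample, only the final hop into inbox.example.org reports TLS; the printer and relay hops were delivered without it.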

Sources

Egress: Opportunistic TLS VS Forced TLS




The End

Congratulations on reaching the end of this article. We hope we have shed some light on how secure the email connection is from end to end.

We write this in such a way that this is not a fixed article. Like in this journey, we learn as we go, and we re-write some parts, so please keep checking back on this article.

We also would love to hear about how you deal with the situation and what problems you might be facing. Please feel free to comment below this article and let us know if you have any questions we can answer! Thanks again!

Big thank you for the photo by Miguel Á. Padriñán from Pexels.





Valdy

About Author

Valdy founded Dewacorp.com, a helpdesk and IT Services provider that has taken care of nearly 40,000 customer service requests in the past 15 years - nearly 2,600 per year. He also created the growing Dewalist.com - a classified website that has close to 110,000 page views and 9,000+ user visits per month with 61,000+ yearly published ads and 47,000 active registered users. He blogs for the ever-growing Dewapost.com, a tech blog that gets around 20,000 impressions per month with 700 clicks and 10 average pages first impressions on Google Search. You can reach him on the Contact Us page, social media links below or Dewachat.com.
