Skip to main content
  1. Home
  2. Computing
  3. News

Google, Microsoft, and Yahoo want to make email immune to man-in-the-middle attacks

Christian de Looper
By

google microsoft email encryption
Image used with permission by copyright holder
In the era of Apple vs. FBI, and large scale hacks on a regular basis, most of us are slowly becoming aware that our data isn’t as protected as it could be. Google, Amazon, Facebook, Microsoft, and a number of other tech giants, however, are banding together to improve the security of email traffic around the Internet.

Software engineers from these companies are working together to create a new system called SMTP Strict Transport Security, which is a mechanism that essentially allows email providers to define new rules for creating encrypted email connections.

Recommended Videos

The new technology is necessary, especially because of the fact that security standards for emails have largely remained the same for years, leaving most emails un-encrypted and open to “man-in-the-middle” hacks, which intercept the email, or change its contents, en route to its destination. When email was first introduced, it used the Simple Mail Transfer Protocol, or SMPT, which did not have any encryption built in at all. Because of this, in 2002 an extension called STARTTLS was added to offer TLS, or Transport Layer Security, encryption with SMTP connections.

Related

According to research by the firms behind the new protocol, one of the main problems with this standard, apart from the fact that it took a long time to be widely adopted, is the fact that if anything goes wrong with the sending of the email along the way, it will be sent unencrypted by default. Not only that, but STARTTLS also uses what’s called opportunistic encryption, which means that it doesn’t validate a server’s digital certificate, and if it cannot verify a server’s identity, it assumes that sending the email is still better than nothing.

This leads to the man-in-the-middle vulnerability, where a hacker can be put in position to intercept traffic by presenting any certificate, even if it is self-signed. That lets the hacker decrypt the email, and thus defeating the purpose of having encrypted emails in the first place.

SMTP Strict Transport Security seeks to solve this problem. The new protocol is designed to prevent an email from being delivered if the message cannot be delivered securely. It will also check to make sure the email’s certificate is a valid one, and in the event of a non-valid certificate, the email won’t be delivered, and the sender will be told why.

The proposal for the system has been sent to the Internet Engineering Task Force, and can be found in full here. If the proposal does succeed, we could soon be sending and receiving much more secure emails.

Editors' Recommendations

Topics
Christian de Looper
Christian de Looper
Contributor
Christian’s interest in technology began as a child in Australia, when he stumbled upon a computer at a garage sale that he…
Microsoft Edge vs. Google Chrome: Performance, design, security, and more
microsoft edge chromium to roll out automatically soon chrome

Google Chrome remains the king of the web browsers, with around 60% share of the browser market as of December 2021. Microsoft's Edge browser, which uses the Chromium open-source engine, is in a lower spot around 12%, which is impressive with the browser having only been introduced in the last couple of years. Microsoft pushed the new Edge to all Windows 10 desktops, replacing the old Windows 10 version and giving Edge a built-in -- well -- edge. Edge is also the default browser for Windows 11.

Which browser should you use? The two share a lot of similarities, but some key differences make one the clear winner.
Design

Read more
3 reasons why Microsoft Edge is better than Google Chrome
microsoft edge chromium to roll out automatically soon chrome

There once was a time when no one used Microsoft Edge. But since the Microsoft web browser moved to use the same engine as Google Chrome, it's not so bad.

In fact, the new Microsoft Edge has even surpassed Firefox in terms of popularity. I've used Edge as my daily browser ever since it launched, and after years of using Chrome before it, there are three big reasons why Microsoft Edge keeps me coming back to it over Google Chrome.
Tracking prevention and security

Read more
Google Chrome has a secret feature to make it match Windows 11’s new design
Google Chrome opened on a laptop.

One of the signature features of Windows 11 is the new rounded corners and glass-like mica effects. Usually only found in Microsoft and select third-party Windows apps, these design elements are now making their way into Google Chrome but are still hidden secret behind a flag in Chrome's settings.

Once the secret flag is enabled, Chrome on Windows 11 fits in better with the rest of the new operating system. Right-click menus in Chrome change from squared off to more rounded, and also pick up the modern mica effect. In addition, Chrome's pop-out settings menu changes to a more rounded shape, fitting better with native Windows elements like the Start Menu and Quick Actions pop-out.

Read more