Google, Microsoft, and Yahoo want to make email immune to man-in-the-middle attacks

google microsoft email encryption
In the era of Apple vs. FBI, and large scale hacks on a regular basis, most of us are slowly becoming aware that our data isn’t as protected as it could be. Google, Amazon, Facebook, Microsoft, and a number of other tech giants, however, are banding together to improve the security of email traffic around the Internet.

Software engineers from these companies are working together to create a new system called SMTP Strict Transport Security, which is a mechanism that essentially allows email providers to define new rules for creating encrypted email connections.

The new technology is necessary, especially because of the fact that security standards for emails have largely remained the same for years, leaving most emails un-encrypted and open to “man-in-the-middle” hacks, which intercept the email, or change its contents, en route to its destination. When email was first introduced, it used the Simple Mail Transfer Protocol, or SMPT, which did not have any encryption built in at all. Because of this, in 2002 an extension called STARTTLS was added to offer TLS, or Transport Layer Security, encryption with SMTP connections.

According to research by the firms behind the new protocol, one of the main problems with this standard, apart from the fact that it took a long time to be widely adopted, is the fact that if anything goes wrong with the sending of the email along the way, it will be sent unencrypted by default. Not only that, but STARTTLS also uses what’s called opportunistic encryption, which means that it doesn’t validate a server’s digital certificate, and if it cannot verify a server’s identity, it assumes that sending the email is still better than nothing.

This leads to the man-in-the-middle vulnerability, where a hacker can be put in position to intercept traffic by presenting any certificate, even if it is self-signed. That lets the hacker decrypt the email, and thus defeating the purpose of having encrypted emails in the first place.

SMTP Strict Transport Security seeks to solve this problem. The new protocol is designed to prevent an email from being delivered if the message cannot be delivered securely. It will also check to make sure the email’s certificate is a valid one, and in the event of a non-valid certificate, the email won’t be delivered, and the sender will be told why.

The proposal for the system has been sent to the Internet Engineering Task Force, and can be found in full here. If the proposal does succeed, we could soon be sending and receiving much more secure emails.


How good are you at spotting phishing scams? Take this quiz to find out

Are you able to discern between a legitimate email and one that's a scam designed to phish for your personal information? Google created an online quiz with tips to help you better understand phishing so you don't become a victim.

Worried about your online privacy? We tested the best VPN services

Browsing the web can be less secure than most users would hope. If that concerns you, a virtual private network — aka a VPN — is a decent solution. Check out a few of the best VPN services on the market.

Don't spend a fortune on a PC. These are the best laptops under $300

Buying a laptop needn't mean spending a fortune. If you're just looking to browse the internet, answer emails, and watch Netflix, you can pick up a great laptop at a great price. These are the best laptops under $300.

Data breach compromises 773 million records, 21 million passwords

A security researcher was alerted to a collection of breached data that included more than 773 million compromised records. After digging deeper, the breach was revealed to contain more than 21 million passwords.

Want a MacBook that will last all day on a single charge? Check these models out

Battery life is one of the most important factors in buying any laptop, especially MacBooks. Their battery life is typically average, but there are some standouts. Knowing which MacBook has the best battery life can be rather useful.

Want a Dell laptop with an RTX 2060? Cross the new XPS 15 off your list

The next iteration of Dell's XPS 15 laptop won't come with an option for an RTX 2060, according to Alienware's Frank Azor. You could always opt for a new Alienware m15 or m17 instead.
Product Review

Controversy has dogged the MacBook Pro lately. Is it still a good purchase?

The MacBook Pro is a controversial laptop these days -- and that's unfortunate. Due to some divisive changes Apple made to the functionality of the MacBook Pro, fans are more split. Does the 8th-gen refresh change that?

Always have way too many tabs open? Google Chrome might finally help

Google is one step closer to bringing tab groups to its Chrome browser. The feature is now available in Google's Chrome Canady build with an early implementation that can be enabled through its flag system.

Here's how to convert a Kindle book to PDF using your desktop or the web

Amazon's Kindle is one of the best ebook readers on the market, but it doesn't make viewing proprietary files on other platforms any easier. Here's how to convert a Kindle book to PDF using either desktop or web-based applications.
Product Review

Origin's Chronos PC is no looker, but it plays games with eye-popping detail

The Chronos is Origin’s smallest PC, but while it occupies less space than most A/V receivers, it delivers the power of a much larger desktop. Its dull exterior design does the system a disservice. Once you turn it on, you won’t be…

Can't stand keyboard gaming on PC? Here's how to use a PS3 controller instead

Properly connecting a PlayStation 3 Controller to a PC is no easy task, especially when you opt for third-party peripherals. Thankfully, our guide will help you through the process.

Zipping files on a Chromebook? Follow these four easy steps

Chromebooks support file compression, though they work a little differently than on Windows or Mac. Here's the step-by-step process to zipping files on a Chromebook, and then unzipping them again for extraction.

Yes, you can use Android apps on your Chromebook. Here's how

You can now get Android apps on your Chromebook! Google has enabled the Google Play Store app support on its Chrome OS and Chromebook hardware, so to get you started, here's our guide on how to get Android apps on a Chromebook.

Patent application reveals what’s to come after AMD’s Graphics Core Next

A published patent application from AMD has revealed a new type of graphics processor core which could make a big difference to the capabilities of its GPUs if it finds its way into them in the future.