
Google, Microsoft, and Yahoo want to make email immune to man-in-the-middle attacks

In the era of Apple vs. FBI and regular large-scale hacks, most of us are slowly becoming aware that our data isn’t as protected as it could be. Google, Amazon, Facebook, Microsoft, and a number of other tech giants, however, are banding together to improve the security of email traffic around the Internet.

Software engineers from these companies are working together on a new system called SMTP Strict Transport Security, a mechanism that allows email providers to define new rules for creating encrypted email connections.

The new technology is necessary because security standards for email have largely remained the same for years, leaving most emails unencrypted and open to “man-in-the-middle” hacks, which intercept the email, or change its contents, en route to its destination. When email was first introduced, it used the Simple Mail Transfer Protocol, or SMTP, which did not have any encryption built in at all. Because of this, in 2002 an extension called STARTTLS was added to offer TLS, or Transport Layer Security, encryption with SMTP connections.

According to research by the firms behind the new protocol, one of the main problems with this standard, apart from the long time it took to be widely adopted, is that if anything goes wrong with the sending of the email along the way, it will be sent unencrypted by default. Not only that, but STARTTLS also uses what’s called opportunistic encryption, which means that it doesn’t validate a server’s digital certificate, and if it cannot verify a server’s identity, it assumes that sending the email is still better than nothing.

This leads to the man-in-the-middle vulnerability, where a hacker can be put in position to intercept traffic by presenting any certificate, even if it is self-signed. That lets the hacker decrypt the email, thus defeating the purpose of having encrypted emails in the first place.

SMTP Strict Transport Security seeks to solve this problem. The new protocol is designed to prevent an email from being delivered if the message cannot be delivered securely. It will also check that the certificate presented by the receiving server is a valid one, and in the event of a non-valid certificate, the email won’t be delivered, and the sender will be told why.
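The difference between the two behaviours, as an added example that is not code from the article or from the SMTP Strict Transport Security proposal: a sender built on Python's `smtplib` that either falls back silently (opportunistic) or refuses delivery and says why (strict). The `strict` flag, the host names and the `PlaintextOnlyMX` test server are assumptions constructed for the illustration; how a real sender learns that a domain demands strict delivery is not modelled.

```python
import smtplib, socketserver, ssl, threading
class DeliveryRefused(Exception):
    """Strict mode: refuse delivery instead of sending in the clear."""

def send(host, port, mail_from, rcpt_to, message, strict):
    """Deliver one message; return 'tls' or 'plaintext'. `strict` is a hypothetical policy flag."""
    with smtplib.SMTP(host, port, local_hostname="sender.example", timeout=5) as smtp:
        smtp.ehlo()
        if smtp.has_extn("starttls"):
            ctx = ssl.create_default_context()  # verifies certificate chain and host name
            if not strict:  # opportunistic: any certificate is accepted, even self-signed
                ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE
            try:
                smtp.starttls(context=ctx)
            except ssl.SSLError as exc:  # simplified: a real opportunistic sender retries in plaintext
                raise DeliveryRefused(f"TLS to {host} failed: {exc}") from exc
            channel = "tls"
        elif strict:
            raise DeliveryRefused(f"{host} did not offer STARTTLS")
        else:
            channel = "plaintext"  # the silent fallback described above
        smtp.sendmail(mail_from, [rcpt_to], message)
        return channel

class PlaintextOnlyMX(socketserver.StreamRequestHandler):
    """Constructed local test server that never advertises STARTTLS."""
    received = []  # message bodies accepted over the unencrypted channel
    replies = {b"EHLO": b"250 mx.test\r\n", b"DATA": b"354 go ahead\r\n", b"QUIT": b"221 bye\r\n"}
    def handle(self):
        self.wfile.write(b"220 mx.test ESMTP\r\n")
        body = None  # a list while inside DATA, otherwise None
        for raw in self.rfile:
            line = raw.rstrip(b"\r\n")
            if body is not None and line != b".":
                body.append(line)
                continue
            if body is not None:  # a lone "." ends the message
                self.received.append(b"\n".join(body))
                body, reply = None, b"250 queued\r\n"
            else:
                verb = line[:4].upper()
                reply = self.replies.get(verb, b"250 ok\r\n")
                body = [] if verb == b"DATA" else None
            self.wfile.write(reply)

def start_plaintext_mx():
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), PlaintextOnlyMX)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server
```

Against the plaintext-only test server, the opportunistic call hands the message over unencrypted, while the strict call raises `DeliveryRefused` before any message data is sent.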

The proposal for the system has been sent to the Internet Engineering Task Force, and can be found in full here. If the proposal does succeed, we could soon be sending and receiving much more secure emails.

Christian de Looper