Securing the Delivery of Email

Presented at The Circle Of HOPE (2018), July 22, 2018, 3 p.m. (60 minutes)

In early 2014, research revealed the horrible state of email over TLS. About half of email was sent in plaintext and, of the email sent over TLS, half of the servers presented certificates that were invalid or self-signed. On top of this, some governments and ISPs were regularly downgrading SMTP connections to plaintext. Since then, there have been multiple efforts by the IETF and large mail server operators to secure the delivery of email. This talk will summarize the state of secure email delivery in 2018 and discuss ongoing initiatives and efforts to protect against MitM and downgrade attacks, including MTA-STS, DANE, and STARTTLS Everywhere.


Presenters:

  • Sydney Li
    **Sydney Li** (@li_squid) is a staff technologist at EFF. She focuses her efforts on STARTTLS Everywhere, an initiative to secure communications between email servers, and sometimes works on Certbot. In general, she cares about PKI, data privacy, and making the Internet a little less broken.
