Securing the Delivery of Email

Presented at The Circle Of HOPE (2018), July 22, 2018, 3 p.m. (60 minutes).

In early 2014, research revealed the horrible state of email over TLS. About half of email was sent in plaintext and, for the email sent over TLS, half of those servers presented certificates that were invalid or self-signed. On top of this, some governments and ISPs were regularly downgrading SMTP connections to plaintext. Since then, there have been multiple efforts by IETF and large mail server operators to secure the delivery of email. This talk will summarize the state of secure email delivery in 2018 and discuss ongoing initiatives and efforts to protect against MitM and downgrade attacks, including MTA-STS, DANE, and STARTTLS Everywhere.


Presenters:

  • Sydney Li
    **Sydney Li** (@li_squid) is a staff technologist at EFF. She focuses her efforts towards STARTTLS Everywhere, an initiative to secure communications between email servers, and sometimes works on Certbot. In general, she cares about PKI, data privacy, and making the Internet a little less broken.

Links:

Similar Presentations: