SMTP Security in a Changing World

Presented at LayerOne 2017, May 28, 2017, 1 p.m. (60 minutes)

The Simple Mail Transfer Protocol (SMTP) has been handling some of our most trusted communications since 1982. And yet, it’s own RFC admits “SMTP mail is inherently insecure”. What gives?

We’ll be taking a look at key technologies along the timeline to secure SMTP, from the first security-free(!) SMTP standard to STARTTLS, SPF, DMARC, and everywhere in between. We’ll cover a simple explanation for each standard and the basics of why it matters, presented in order of historical appearance to highlight the bigger story around SMTP and its ongoing struggle to stay modern with security. Along the way we’ll investigate where our train conductors in the saga to secure SMTP have failed, how far off the rails we are with “best practice”, and what we can do for now to bring email a little closer to on-track.

Presenters:

• Katie Knowles
  Katie Knowles (@_sigil) is a dedicated enterprise Information Security Specialist by day, and avid Information Security explorer by night. She received her Bachelors in Electrical Engineering from Rochester Institute of Technology before journeying to Los Angeles, where she can usually be found with DEFCON 562.

Links:

• https://infocon.org/cons/LayerOne/LayerOne 2017/SMTP Security in a Changing World (Katie Knowles).mp4
• https://www.youtube.com/watch?v=PHtukqtSdQc

Similar Presentations:

• DEF CON 22 (2014) / Dark Mail
• ToorCamp 2014 / A Study of SMTP [in]Security
• 32C3 (2015) / Neither Snow Nor Rain Nor MITM… The State of Email Security in 2015