STARTTLS is an extension for several communication protocols, including IMAP and POP3, SMTP, FTP and XMPP and allows a plain text connection to be upgraded to an encrypted one using the TLS (Transport Layer Security) or SSL (Secure Sockets Layer) protocols.
Researchers at Facebook recently analyzed a day’s worth of the company’s email logs to determine how widely STARTTLS is deployed among email servers around the world. The company is in a good position to run such a test because it sends several billion notification emails every day to user email addresses hosted across millions of domain names.
“We found that 76 percent of unique MX hostnames [email server hostnames] that receive our emails support STARTTLS,” the Facebook researchers said Tuesday in ablog post. “As a result, 58 percent of notification emails are successfully encrypted.”
SSL certificates are successfully validated for around half of encrypted email traffic and the other half is “opportunistically encrypted,” the researchers said.
By opportunistic encryption Facebook refers to encrypted connections that are established despite the SSL certificate presented by the server not passing strict validation criteria. This can happen if the certificate is not signed by a trusted certificate authority, is expired or was not issued for the host name where it was used.
The Facebook researchers found that for over 99 percent of emails that were encrypted using opportunistic encryption the reason for certificate validation failures was a hostname mismatch, the certificates being otherwise acceptable.
Seventy-four percent of MX hosts that supported STARTTLS provided perfect forward secrecy (PFS), a property of some TLS cipher suites that prevents the decryption of previously captured traffic if the server’s private key is later compromised.
The majority of email traffic sent by Facebook to servers with STARTTLS support was encrypted with the ECDHE-RSA-RC4-SHA and DHE-RSA-AES256-SHA cipher suites, but that was probably the result of those suites being preferred by the major email providers. When counted by unique deployments, the majority of servers used DHE-RSA-AES128-SHA.
The second most prevalent cipher suite by unique server IP addresses was AES128-SHA, which is concerning because it does not provide perfect forward secrecy, the Facebook researchers said.
PFS has become an increasingly recommended feature for TLS deployments, amid growing concerns over the past year of widespread Internet surveillance by intelligence agencies like the U.S. National Security Agency and the U.K.’s Government Communications Headquarters.
The analysis carried out by the Facebook researchers shows that STARTTLS is already widely supported by email servers, even though there are certificate management issues that could be resolved.
“We see two high priority areas for improvement,” the Facebook researchers said. “First, we encourage the industry to work together to develop better tools for preventing mismatched certificates. Second, we encourage everyone to deploy support for opportunistic encryption via STARTTLS.”
“A system deploying STARTTLS support for the first time can expect more than half of its outbound email to be encrypted,” they said.