With Google recently changing its indexing policy to downgrade websites that do not use encryption (https), we've seen a dramatic increase in domains supporting encryption.  The same can't be said of email.  Email is insecure, which seems to shock many of our clients.  Most messages are sent "in the clear", meaning with no form of encryption.  This opens up the user to having their emails intercepted by third parties, such as hackers, corporations, governments, etc.  While our servers have supported encryption since we first brought them online back in the early 2000s, many email servers still don't.  This is about to change with the Electronic Frontier Foundation (EFF) launching a new program called STARTTLS Everywhere.

When talking about email encryption there are two types, end-to-end and hop-to-hop.

End-To-End Encryption

This is encryption handled within the email client itself.  PGP (open source equivalents: GPG, OpenPGP) and S/MIME are the two most common end-to-end encryption methods in use.  Both of these encryption systems are built on public key cryptography, where a user creates a public key and a private key.  The public key can be shared with anyone, and allows messages to be encrypted so that only that user can read them.  The public key can't be used for decryption, only for encrypting messages to the user that originally generated the key pair.  The private key is used to decrypt messages encrypted with the public key.  This kind of encryption ensures that only the recipient can view the message.

Contact us to learn more about implementing End-to-End Encryption within your business.

Hop-To-Hop Encryption

This method of encryption is handled by the server.  When sending a message, the sending server works with the receiving server to "swap" public keys, allowing data that flows between the two to be encrypted.  This is good and should be considered necessary encryption, but it has its drawbacks.  Hop-to-hop encryption only encrypts the messages during sending; once they are received by the email server they are stored unencrypted, allowing anyone with access to that server to read them.  This type of encryption protects messages from third parties that could be "listening" to the traffic flowing through the internet.  Hop-to-hop also complements end-to-end encryption: with end-to-end only the body of the message is encrypted, leaving the subject unencrypted, whereas hop-to-hop encrypts the whole transmission between the servers.

The name STARTTLS Everywhere is a little confusing for those that don't deal with this technology frequently.  STARTTLS is a mechanism for upgrading a plain mail connection to use the TLS encryption protocol (Wikipedia, RFC), which is specified by the Internet Engineering Task Force (IETF).  STARTTLS Everywhere, by contrast, is a program run by the EFF.  Its goal is to raise awareness, and to assist server administrators in obtaining a valid security certificate, configuring their email server for STARTTLS use, and maintaining a list of other domains that have been verified to use STARTTLS.

The most exciting thing that will come out of this program is the ability to list email domains and servers that support STARTTLS encryption to provide an additional repository for verification.
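To make the hop-to-hop mechanics concrete, here is an added example (not code from this post, the EFF, or any mail server) showing how a sending server learns whether the receiving server offers STARTTLS: it parses the receiver's EHLO reply and then applies a hypothetical delivery policy that refuses to fall back to cleartext for domains on a verified-STARTTLS list like the one described above.  The EHLO replies and the verified list are constructed sample data.

```python
import re

# Constructed sample EHLO replies (not captured from any real server).
EHLO_WITH_STARTTLS = (
    "250-mail.example.net Hello client.example.org\r\n"
    "250-SIZE 35882577\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
EHLO_WITHOUT_STARTTLS = (
    "250-mail.example.com Hello client.example.org\r\n"
    "250 8BITMIME\r\n"
)

# RFC 5321 reply line: 3-digit code, then '-' (more lines follow) or ' ' (last line).
_REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_ehlo(response: str) -> set:
    """Return the capability keywords a server advertised in its EHLO reply."""
    caps = set()
    lines = response.splitlines()
    for i, line in enumerate(lines):
        m = _REPLY_LINE.match(line)
        if not m or m.group(1) != "250":
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        if m.group(2) == " " and i != len(lines) - 1:
            raise ValueError("final reply line followed by more lines")
        if i == 0:
            continue  # first line is the greeting, not a capability
        text = m.group(3).strip()
        if text:
            caps.add(text.split()[0].upper())  # keyword, parameters dropped
    return caps


def delivery_mode(recipient_domain: str, response: str, verified_domains: frozenset) -> str:
    """Hypothetical sender policy: 'starttls' when offered; 'refuse' rather than
    downgrade to cleartext if the domain is on the verified-STARTTLS list;
    otherwise 'cleartext' (plain opportunistic delivery)."""
    if "STARTTLS" in parse_ehlo(response):
        return "starttls"
    if recipient_domain.lower() in verified_domains:
        return "refuse"
    return "cleartext"
```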

How to Use STARTTLS Everywhere

Well, you don't, unless you are responsible for administering your mail server.  However, I would advise working with the company that hosts your email to see if they implement hop-to-hop encryption.  As always, we are happy to work on your behalf to either work with your hosting company, evaluate new providers, or implement hop-to-hop on your in-house email server.