Internet Research Group Proposes Better Email Standard

Mar 22, 2016

Improvements to SMTP will provide better guarantee of confidentiality

A group of researchers at some of the leading Internet companies have released the draft of a new mechanism for mail service providers to declare their ability to receive TLS-based secure email connections. The new feature fixes a flaw in the SMTP STS extension, which was supposed to be an update for mail security but failed to guarantee confidentiality or proof of server authenticity.

The new document proposes a means for the receiving server to declare its TLS support in advance, thus eliminating the negotiation phase, which makes the protocol vulnerable to various attack techniques. See the article in the Register for additional information.

Related content

  • Groklaw Closes

    Award-winning FOSS legal site shuts down on fears of government surveillance.

  • News

    Updates on Technologies, Trends, and Tools

  • Blocking Spam Intro

    Spammers charge real money for their dubious services, and hundreds of advertisers are willing to pay. We’ll show you some innovative techniques for controlling and containing spam, including strategies for slowing down spam bots, keeping spammers from getting your address, and separating spam from legitimate email.

  • The Mask: Scary New Face of Internet Intrusion

    Ultra-sophisticated attack tool might have originated from a state-sponsored intelligence service.

  • Inventor of Email Dies

    Pioneer Ray Tomlinson bequeathed the @ sign to billions of Internet users

comments powered by Disqus

Issue 216/2018

Buy this issue as a PDF

Digital Issue: Price $12.99
(incl. VAT)

News