|
|
|
|
|
|
by yosito
1198 days ago
|
|
|
It would be interesting to evaluate whether my nameserver provider (Cloudflare) or my mail provider (Fastmail) are sharing access to my emails with anyone else. I chose these providers because I don't want Google reading my emails. I assume that because it's a cleartext protocol and Fastmail operates in Australia that all of my emails are accessible in theory to state actors. |
|
|
SMTP (the delivery email protocol) began supporting encrypted transport in 2002, which means that for over a decade most email has been encrypted in transit [5] (as well as during retrieval, because of POPS/IMAPS and HTTPS-secured webmail). The method is TLS (same protocol used by HTTPS, all of our web browsing traffic). Competent mail servers and services, such as exim [1] and GMail [2], let you choose to abort delivery if the destination server does not support encryption (or, since you are concerned about state actors, if there's a STARTTLS-stripping server in the middle).
Furthermore, DANE [3] and TLSA [4] can be used (requiring DNSSEC to be set up for the domain) to bind a mail server record to a specific TLS certificate, further reducing meddling opportunities by state-level actors and allowing a "we do allow insecure mail delivery, but since this destination has DANE it is implied they have TLS and we will fail delivery if TLS cannot be established with this destination with the DANE-specified parameters".
[1] https://www.skytale.net/blog/archives/32-Outgoing-TLS-verifi...
[2] https://support.google.com/a/answer/2520500?hl=en
[3] https://www.rfc-editor.org/rfc/rfc6698
[4] https://www.rfc-editor.org/rfc/rfc7671
[5] https://www.eff.org/deeplinks/2020/04/winding-down-starttls-...