Web Giants Team on Secure E-Mail Standards

E-mail has been around in various forms for decades, but the underlying technology used to send it is almost as old -- and that?EU?s a big problem, according to engineers who develop e-mail protocols. So, representatives of the world's biggest e-mail service providers have united to improve the security of e-mail traffic.

SMTP Strict Transport Security (SMTP STS) is a new mechanism that lets those providers define policies for establishing encrypted e-mail communications. The new standard was developed by engineers from Google, Microsoft, Yahoo, Comcast, LinkedIn and 1&1 Mail & Media Development & Technology.

The proposed protocol was submitted to the Internet Engineering Task Force late last week. The task force is a large open international community of network designers, operators, vendors, and researchers "concerned with the evolution of the Internet architecture and the smooth operation of the Internet."

How It Works

SMTP STS would protect users against attackers trying to intercept or modify e-mail in transit either by impersonating the destination server or by breaking through the Secure Sockets Layer (SSL), the standard security technology for establishing an encrypted link between a Web server and a browser.

The engineers said that when an e-mail is sent to a domain that supports SMTP STS, the program will automatically ensure that the destination supports encryption and has a valid certificate before sending, helping the sender ensure that the message is going to the correct server. If the recipient domain isn?EU?t valid, the e-mail won't be delivered and the sender would be told why. The overall idea is to make certain that e-mail communication is properly secured by enforcing rules that have been around for years on the Web, but usually not in e-mail.

Kelley Mak, an analyst with Forrester Research Inc., told us the proposed protocol was a great improvement, especially coming from such a...

Comments are closed.