Microsoft, Google, Comcast, LinkedIn To Collaborate To Work On Encrypted Email

Email has been around for a long time now, the underlying transport technology used to send SMTP, and it is surprisingly ancient.
 
The majority of email is send in plain text, unencrypted around the internet using SMT -- yet we still rely mainly on it for some of our most private conversations.
 
SMTP STARTTLS has been invented to fix this years ago; however it failed to be broadly adopted and has been full of flaws, ultimately failing to ensure messages are really encrypted.
 
Recently, with that technology, it has become really easy to man-in-the-middle an email before it is sent and inform the sender that there is no SSL enabled so that the client won't send an unencrypted mail without warning.
 
The new proposal, which was submitted to the Internet Engineering Task Force on Friday, has been worked on by engineers from Microsoft, Google, Yahoo, Comcast, LinkedIn and 1&1 Mail and Media Development.
 
It proposes protecting against attackers who want to modify or intercept email in transit by either impersonating the destination server or breaking SSL through a range of existing attacks.
 
The concept is that when the email is being sent to a domain, which is supported by SMTP STS the sender will be able to automatically check if the destination supports encryption and if their certificate is valid before sending, in order to ensure that they are talking to the right server.
 
If invalid, than the email would fail to be delivered, and would inform the user the reason for it. The proposal contains technical details on how this should actually work in practice.
 
Eventually, if this proposal succeeds, it will ensure that the email communication is properly secured by enforcing rules which have long exited on the Web, but are not available in your inbox.
 
According to Google, the TLS encryption is already widely supported with more than 70 percent of Gmail’s inbound messages received over SSL.
 
Since it is just a standard proposal right now, it will take some time before it becomes reality, but with the backing of some of the greatest tech giants it seems likely that it would succeed.