How Widespread is Secure SMTP Usage?

Honest Postmaster asks: "Maybe I am a paranoid nut, or maybe I just feel like my users' email is as sacred as snail mail (which we like to hope is untouched); but I have been getting a sinking feeling about all the news I have been hearing about NSA & Government agencies getting potential carte blanche to sniff email traffic (if they didn't have such, already). I did a quick search and found RFC 2487, which seems to define secure transfer of traffic between SMTP servers using TLS/SSL. Firstly, is this truly a reasonably 'secure' solution? Secondly it seems to have actual implementations (e.g. exim), but it will only work if both client and server support it -- how widespread is its usage? Is it hopeless to expect every ISP, megamail.com to get around to turning this feature on, or will sniffing just be a part of our everyday reality?"

  • by cmowire ( 254489 ) on Tuesday October 02, 2001 @07:36PM (#2381070) Homepage
    If you want security, you'll have to do it yourself, I think.

    This means, use PGP and don't rely on the SSL/TLS security of your mail server.

    The simple fact is that, unless you are dealing with money, it's too much trouble to properly set up TLS/SSL for a server.

    And yes, both ends need to support encryption for it to work.

    I mean, most websites do not use TLS/SSL, so why should most mail servers?
    • by dustpuppy ( 5260 ) on Tuesday October 02, 2001 @08:21PM (#2381272)
      There has been a lot of talk that PGP is the only unbreakable encryption method out there, but doesn't one find it interesting that the US government would hound Zimmermann mercilessly for years and then all of a sudden stop?

      Now why would they suddenly stop harassing him ... maybe because the RSA has finally found a way to break the PGP encryption? It's standard practice that once you know how to break someone's code, you don't ever let them know, which guarantees that you can keep on reading all their transmissions.

      I only ever felt secure *while* the US Government kept hounding Zimmermann. Now that they have stopped, I would assume that no email can be secured.
      • "There has been a lot of talk that PGP is the only unbreakable encryption method out there"

        Which is complete bullshit, for 2 reasons:

        1) PGP, like virtually any other form of cryptography, is breakable. It may not be breakable in a reasonable amount of time, but it is certainly breakable. Do not use "unbreakable" unless something is, in fact, unbreakable (within whatever environment you're placing it).

        2) Why would PGP be particularly strong over other protocols? It's not. Hell, it doesn't even include MACs in the messages, which brings up all kinds of problems.

        "maybe because the RSA has finally found a way to break the PGP encryption?"

        Umm... wait, what? Perhaps you meant the NSA???

        Anyway, maybe it was because they realized that they didn't have any kind of proof that PRZ had exported the code, that if they pursued it with criminal charges, more likely than not the unconstitutional restrictions on crypto would have been declared as such and lifted, and PGP was already widely available outside the US so they weren't getting much out of it.

        "It's standard practice that once you know how to break someone's code, you don't ever let them know which guarantees that you can keep on reading all their transmissions."

        Wait... huh? From what I can get out of this, it would imply that even if the NSA could break the algorithms in PGP, they would keep up bothering Phil forever, to give people the impression that PGP was still a big threat to them.
  • by bruckie ( 217355 ) <slashdot@brucec.net> on Tuesday October 02, 2001 @09:15PM (#2381432) Homepage

    I did quite a bit of research about this very thing as I was setting up my company's mail server. Here's what I found out:

    • SSL support is very widespread in both SMTP servers and clients. Postfix, Sendmail, and Exim support it on the server end. Outlook Express, Outlook, and Mozilla support it on the client side. These lists are by no means exhaustive.
    • Many mail servers in use don't have encryption support turned on, thereby forcing you (who wants to use encryption) to either send your message in plaintext, not send it, or encrypt it with something like PGP.
    • SSL/TLS is not a good e-mail security solution even if both servers (sending and receiving) support and use it. Why? SSL (secure sockets layer) and TLS (transport level security) only encrypt the message while it's in transit, between the servers. However, SMTP is a store and forward system, and SSL/TLS only protects the "forward" part of it. The messages usually sit unencrypted on disk for anyone to view. Any intermediate person with access to a mail server can read a message, even if it was sent using SSL/TLS.
    • Although SMTP SSL/TLS isn't optimal for complete security, it is still useful. Transit security is better than no security at all.

    I decided to implement a Postfix server at my company, and enabling SSL/TLS isn't hard at all. You just patch the source, compile, and tell Postfix where to find its certificates.

    Why did I choose to use SMTP encryption when it has all of the drawbacks listed above? Two reasons:

    1. Some security is better than none.
    2. It protects passwords used to allow relaying (for legitimate company users).

    You can set Postfix to:

    • Only talk to servers that have SSL enabled (thereby preventing a large part of the internet from sending you mail)
    • Use it when it's available but send even if it's not
    • Never use encryption.

    (Each of these settings is independently "settable" for sending mail and receiving mail.)

    In short, use PGP or similar if you need real security. SSL/TLS is only useful as an added protection.

    --Bruce
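The three sending-side behaviours listed in the comment above, as an added example that is not part of the original post or of Postfix: a small model of how an outbound SMTP client could decide what to do after reading the peer's EHLO reply. The policy labels (`encrypt`, `may`, `none`), the action names and the sample replies are assumptions made for this sketch.

```python
# Added example: outbound TLS decision from a peer's EHLO reply.
# Policy labels and action names are hypothetical, chosen for this sketch.

# Constructed EHLO replies (not captured from any real server).
EHLO_WITH_TLS = (
    "250-mx.example.net\r\n250-PIPELINING\r\n250-SIZE 10240000\r\n"
    "250-STARTTLS\r\n250 8BITMIME\r\n"
)
EHLO_NO_TLS = "250-mx.example.org\r\n250-PIPELINING\r\n250 8BITMIME\r\n"

POLICIES = ("encrypt", "may", "none")


def parse_ehlo(reply):
    """Return the set of ESMTP extension keywords in a multi-line 250 reply."""
    keywords = set()
    for i, line in enumerate(reply.strip().splitlines()):
        code, sep, text = line[:3], line[3:4], line[4:]
        if code != "250" or sep not in ("-", " "):
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        if i == 0:
            continue  # first line is the server's greeting, not an extension
        if text.strip():
            keywords.add(text.split()[0].upper())
    return keywords


def decide(policy, ehlo_reply):
    """Map (policy, peer capabilities) to the action the client takes."""
    if policy not in POLICIES:
        raise ValueError(f"unknown policy: {policy!r}")
    if policy == "none":
        return "send-plaintext"          # never use encryption
    if "STARTTLS" in parse_ehlo(ehlo_reply):
        return "starttls-then-send"      # peer offers TLS: use it
    if policy == "may":
        return "send-plaintext"          # opportunistic: send anyway
    return "defer"                       # mandatory: queue, do not send in clear


if __name__ == "__main__":
    for policy in POLICIES:
        for name, reply in (("tls", EHLO_WITH_TLS), ("no-tls", EHLO_NO_TLS)):
            print(f"{policy:8} {name:7} -> {decide(policy, reply)}")
```

Under `may`, a peer that does not advertise STARTTLS still gets the message in plaintext, which is the trade-off between the first two options in the list.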
    • The second and third point here I think are most important. Having just set up a ssl/tls mail server running qmail-ldap.

      It comforts me to know remote users/roaming users don't have their passwords floating around plaintext.

      It's also very easy for a box in promisc to grab any email on the segment that someone can wedge one in, legit or otherwise.

    • Securing the transport keeps spies, government and corporate, from reading your users' email while it travels over the public internet. I don't think anyone is too worried about unencrypted messages being stored in a mail queue.
  • by coyote-san ( 38515 ) on Tuesday October 02, 2001 @09:31PM (#2381467)
    I normally hate that new age nonsense, but this is a case where it makes sense.

    Don't worry about how many other sites support this, just worry about whether *you* support it. If you're sending sensitive material, you need to use an end-to-end protocol (e.g., PGP) regardless. If you're just trying to do opportunistic encryption of the channel (something which is still worthwhile to minimize the damage caused by casual sniffers), the limiting factor will always be the other side if you make sure that you're ready. If it's a site you often trade mail with, you can always encourage them to enable encryption themselves.

    It makes no sense to wait for some magic threshold to be reached since that's the way (if everyone did it) to ensure that nobody acts.

    For what it's worth, my outbound mail is qmail with the TLS patch. I hope stuff is encrypted, but if I'm worried I still use PGP. (My inbound mail is handled by my ISP, so I can't control encryption there. I grab mail from it via a SSH tunnel.)
  • by Anonymous Coward
    From what I've seen quite a few messages that I've gotten from people are TLS encrypted.

    For example my incoming mail from my sourceforge list serves:

    Received: from unknown (HELO usw-sf-list1.sourceforge.net) (216.136.171.252)
    by xxxxx.mysite.net with DES-CBC3-SHA encrypted SMTP; 2 Oct 2001 18:07:37 -0000

    but what I find interesting is from a well known site like hushmail who say everything about encryption and stuff:

    Received: from mailserver1.hushmail.com (mailserver1.hushmail.com [64.40.111.27])
    by smtp4.hushmail.com (Postfix) with ESMTP id ABCFA321B

    no encryption :( and they don't support regular mutt mime-type encryption.

    -Myron
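The header check done by eye in the comment above, as an added example that is not part of the original post: a script that walks a message's `Received:` headers and reports which hops recorded a TLS-protected transfer. It goes beyond the two headers quoted by also recognising the RFC 3848 `ESMTPS` protocol types and a `(using TLSv…)` comment; the third header in the sample and all function names are constructed for this sketch. Received headers are written by each relay itself, so a missing marker means "not recorded", not proof of plaintext, and hops outside your own infrastructure can write anything.

```python
import email
import re

# Constructed message: the first two Received headers are the ones quoted in
# the comment above; the third is a made-up hop using the RFC 3848 style.
RAW = """\
Received: from unknown (HELO usw-sf-list1.sourceforge.net) (216.136.171.252)
 by xxxxx.mysite.net with DES-CBC3-SHA encrypted SMTP; 2 Oct 2001 18:07:37 -0000
Received: from mailserver1.hushmail.com (mailserver1.hushmail.com [64.40.111.27])
 by smtp4.hushmail.com (Postfix) with ESMTP id ABCFA321B
Received: from a.example (a.example [192.0.2.10])
 by b.example with ESMTPS id 12345; Tue, 2 Oct 2001 18:00:00 -0000
Subject: constructed sample

body
"""

# Patterns for the ways a relay may record that the hop used TLS.
TLS_MARKERS = [
    re.compile(r"\bwith \S+ encrypted SMTP\b"),            # cipher in with-clause
    re.compile(r"\bwith (?:E?SMTPSA?|LMTPSA?)\b", re.I),   # RFC 3848 protocol types
    re.compile(r"\(using (?:TLSv[\d.]+|SSLv\d)\b[^)]*"),   # "(using TLSv1.2 ..." comment
]
BY_HOST = re.compile(r"\bby (\S+)")


def classify_hops(raw_message):
    """Return [(receiving_host, tls_recorded, evidence)] in header order."""
    msg = email.message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())          # undo header folding
        by = BY_HOST.search(flat)
        host = by.group(1) if by else "?"
        evidence = ""
        for pattern in TLS_MARKERS:
            match = pattern.search(flat)
            if match:
                evidence = match.group(0)
                break
        hops.append((host, bool(evidence), evidence))
    return hops


if __name__ == "__main__":
    for host, tls, evidence in classify_hops(RAW):
        print(f"{host:22} {'TLS' if tls else 'no TLS recorded':16} {evidence}")
```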
