Google, Microsoft, Yahoo, Other Tech Titans Unite For Proper Email Encryption

Santiago Tiongco, Tech Times 21 March 2016, 09:03 am

Email is currently one of the most widely used modes of online communication, containing information ranging from unwanted promotional items to casual, everyday conversations down to personal matters that communicating parties can only hope remain private.

But did you know that even though email has been around for decades, only few email providers implement an email encryption function that can deter unauthorized online snoopers? One of these is ProtonMail, an encrypted email service that recently launch to Android and iOS.

Unfortunately, most email providers still employ an outdated yet still predominantly used unencrypted email transit called Simple Mail Transfer Protocol (SMTP). Without encryption, these plain text emails can easily be intercepted by hackers and use whatever content the email has as they please.

Even worse, the sender and recipient are unaware of such interference most of the time. More often than not, the sender is not even notified that the content of their message will be transmitted virtually unprotected, that is, unencrypted, through SMTP, since there is minimal to no security protocol such as Transport Layer Security (TLS) or Secure Sockets Layer (SSL) to safeguard the contents to be sent.

The good news is, this problem has not gone completely overlooked. A growing number of email providers utilize methods of encryption. For instance, TLS is now extensively supported as reported by Google in its recent transparency report. A similar report coincidentally says that the company "regularly receives requests from governments and courts around the world to hand over user data."

In line with this, the Internet Engineering Task Force, which includes the abovementioned tech companies, has drafted a proposal to enforce an SMTP Strict Transport Security (STS) that will enable mail service providers "to declare their ability to receive TLS-secured connections, to declare particular methods for certificate validation, and to request sending SMTP servers to report upon and/or refuse to deliver messages that cannot be delivered securely."

This proposal sounds promising, especially with such large corporations supporting it. But until this potentially groundbreaking email security plan actually pushes through, it's best to personally look for measures that will ensure security before relaying confidential information. Think twice before you hit that button containing your credit card info!

Photo : Yuri Samoilov | Flickr