Email Encryption Is Broken

Email was never designed to be private. When the Simple Mail Transfer Protocol (SMTP) was first invented, it didn't come with protections or ways to check that a message really came from where it claimed to. Those came later, with the addition of extensions like STARTTLS for encrypting communications and others for authenticating messages.

Now a study has found that despite those inventions, large chunks of email traffic are being deliberately stripped of their encryption, or just sent without any in the first place, leaving them totally open to passive eavesdroppers. Some of the findings are truly staggering, with over 95 percent of email sent from Tunisia to Gmail having its protections removed, or more than 20 percent of inbound Gmail messages in seven countries arriving in clear text because of network attacks.

The findings come from what researchers at the University of Michigan, Google, University of Illinois, and Urbana Champaign say is the first report on global adoption rates of email security extensions. The researchers had access to some impressive data sets: logs of SMTP traffic sent to and from Gmail from January 2014 to April of this year, as well as a snapshot of the configurations of email servers belonging to the Alexa Top Million domains. Alexa is a site that ranks the world's websites by traffic.

They found some pleasant news: "from Gmail's perspective, incoming messages protected by TLS have increased 82% over the last year," the researchers write, who add that a lot of this is due to several big providers, such as Yahoo and Outlook, encrypting its traffic. TLS stands for Transport Layer Security, and is the cryptographic protocol used to encrypt all sorts of data, be that web browsing or email.

But that's about it for the good stuff. For the 700,000 SMTP servers associated with the top million domains, only 82 percent support TLS, and 35 percent allow proper server authentication.

The researchers also uncovered mass scale attacks of STARTTLS sessions being stripped of their encryption. That attack itself isn't new: internet service providers sometimes do it to monitor users; organizations may use it to keep an eye on employees; or it may come from a malicious actor. But this paper is the first indication of how widespread it is.

And it appears that pretty much everyone, from governments to academic institutions, is getting in on the act.

"Overall, no single demographic stands out; the distribution is spread over networks owned by governments, Internet service providers, corporations, and financial, academic, and health care institutions. We note that several airports and airlines appear on the list, including an AS belonging to a subsidiary of Boingo (AS 10245), a common provider of in-flight and airport WiFi," the researchers write.

"These attacks are both readily found in the wild and pose a real threat to users, with more than 20% of mail being sent in cleartext within seven countries," the researchers continue.

And although some of this stripping may be done to facilitate legitimate filtering, perhaps for corporate networks to check for malicious content, "this technique results in messages being sent in cleartext over the public Internet, enabling passive eavesdropping and other attacks," the researchers write.

This should act as a reminder that because of the nature of STARTTLS, even if Google or anyone else implements encryption onto their email traffic, someone else can simply reverse all of that work—possibly leaving your emails open to snooping by whatever server they happen to slip through.

There are solutions, though they are unlikely to spring up over night. The researchers suggest implementing a similar measure to that with browsing websites: HTTP Strict Transport Security (HSTS) allows websites to indicate that future connections must use HTTPS. HTTPS is used for encrypted browsing sessions.

"A "HSTS for email" is being standardized to address the insecure fallback case but adoption is slow and old technologies are still supported for literally decades," noted security researcher Frederic Jacobs told Motherboard in a Twitter message.

But for the time being, large sections of email traffic are totally vulnerable to being spied on, something that leads the researchers to describe the current state of email as a "security patchwork."