======SMTP STARTTLS======

When an email server sends an email to another email server it can negotiate a secure encrypted connection using a process called [[wp>Opportunistic_TLS|STARTTLS]]. STARTTLS is a way to set up a [[wp>Transport_Layer_Security|TLS]] encrypted connection between two entities on the network on a catch as catch can basis. TLS is more famously used to secure the connections between web browsers and web servers.

STARTTLS has some implications for PGP protected email.

=====Good News=====

STARTTLS will protect email meta information from passive observers on the network. For email the meta information is mostly source and destination email addresses with some routing information. The most important bit of meta information protected is that the email is encrypted. If someone is passively watching traffic on the network they will not be able to selectively record encrypted messages off the network with the hope of breaking the encryption later.

These days (2020) it is quite widely (90%+) deployed (([[https://www.facebook.com/notes/protect-the-graph/massive-growth-in-smtp-starttls-deployment/1491049534468526/|Massive Growth in SMTP STARTTLS Deployment]]))(([[https://transparencyreport.google.com/safer-email/overview|Email encryption in transit]])). Since the connection between mail clients and mail servers is almost always also encrypted with TLS the result is that most email is protected with STARTTLS while on the network.

=====Bad News=====

STARTTLS as implemented now is fairly easy to interfere with on the network. Someone who can change traffic on the network can force the email servers to downgrade to no encryption at all. If such interference is done on a wide scale it would be publicly noticed so such attacks would be directed against particular entities in most political environments.

STARTTLS does not protect email on any email servers used. The operators of those servers have complete and easy access to your emails.

If you or one of your correspondents uses an email server that does not support STARTTLS then all messages exchanged with that correspondent will not have the protection of STARTTLS. Wide deployment might not actually help for what could be your most private case.

As a result, STARTTLS should be considered an enhancement but not any sort of substitute for end to end email encryption.

=====Checking for STARTTLS=====

In some cases it might be useful to know if STARTTLS is being used between you and a particular correspondent. That information is available in the header of the email. Search through the header information until you find the ''Received:'' section that corresponds to your email server (usually the first one). An example:

<code email [highlight_lines_extra="2"]>
Received: from mail-dm6nam12olkn2107.outbound.protection.outlook.com ([40.93.27.101] helo=NAM12-DM6-obe.outbound.protection.outlook.com)
        by mail.example.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
	(Exim 4.92.3)
	(envelope-from <pgpuser375@hotmail.com>)
	id 1jmh18-000Ebg-Kf
	for pgpfan@example.com; Sat, 20 Jun 2020 12:10:59 -0500
</code>

Here I recognize my email server as ''mail.example.com''. Since I see ''esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)'' I can conclude that the email transfer to my email server was protected by STARTTLS. Formats vary but you really only have to see the "TLS" part.

Because the email headers can be changed by someone interfering with the network connection a finding of "STARTTLS used" is not entirely definite. A finding of "STARTTLS not used" is quite definite.

[[pgpfan:index|PGP FAN index]]