Results 1 to 3 of 3

Thread: e-Mail in 2019 - encryption between the SMTP servers - ESMTPS and ESMTPSA

  1. #1
    Join Date
    Feb 2010
    Location
    Germany
    Posts
    2,415

    Lightbulb e-Mail in 2019 - encryption between the SMTP servers - ESMTPS and ESMTPSA

    A rather large, profitable, popular, Social Media business has been touting that, one of the major advantages of their (popular) “Smart-Phone” App «which App ?? » over “traditional” e-Mail is that their “App” offers end-to-end encryption …

    Looking at my current e-Mail headers, I notice that:
    1. Most transfers between the SMTP servers are “with ESMTPS” and occasionally (for example a “push” e-Mail from my DSL-Router to my ISP) “with ESMTPSA” …
    2. My e-Mail transfers to and from my ISP use TLS …
    3. Only very rarely is a transfer marked “with ESMTP” …

    Looking at RFC 3848 the following is mentioned: <https://tools.ietf.org/html/rfc3848>
    The new keyword "ESMTPS" indicates the use of ESMTP when STARTTLS [1] is also successfully negotiated to provide a strong transport encryption layer.
    The new keyword "ESMTPSA" indicates the use of ESMTP when both STARTTLS and SMTP AUTH are successfully negotiated (the combination of ESMTPS and ESMTPA).
    In other words, AFAICS, currently “good old fashioned” e-Mail is usually / often being “automagically” encrypted “end-to-end” …

    Any other ideas and/or comments on this issue?

  2. #2
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,180
    Blog Entries
    3

    Default Re: e-Mail in 2019 - encryption between the SMTP servers - ESMTPS and ESMTPSA

    For me, end-to-end encryption of email implies either PGP/GPG or S/MIME (or something similar).

    The server-to-server encryption does not count as end-to-end, and plain text can leak at the intermediate nodes.
    openSUSE Leap 15.1; KDE Plasma 5;

  3. #3
    Join Date
    Feb 2010
    Location
    Germany
    Posts
    2,415

    Talking Re: e-Mail in 2019 - encryption between the SMTP servers - ESMTPS and ESMTPSA

    @nrickert:

    Yes, yes, encryption of e-Mail contents is the only really secure method but, for most users, it's difficult …

    The definitions for encryption of the traffic between SMTP servers have been around for about 15 years but, the acceptance is still not guaranteed …

    In addition, it doesn't seem to be “common knowledge” …

    For my case, now that I've noticed it and, for about 99.9% of my e-Mails it seems to be valid — I'm happy …

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •