Read this story at Slashdot.
Google announced today that Gmail has been the first significant email provider to support new security criteria, namely MTA-STS and TLS Reporting. ZDNet reports: The purpose of MTA-STS and TLS Reporting would be to assist email suppliers establish secure connections between each other, with the objective of thwarting attacks. The two new standards will stop this by allowing legitimate email providers to make a secure channel for exchanging emails. For instance, SMTP MTA Strict Transport Security (MTA-STS) works by allowing email server admins to prepare an MTA-STS policy on their host. This policy makes it possible for a supplier to ask before sending any emails that email servers affirm the security of a SMTP connections. Minimum requirements, like forcing external email servers to authenticate with a legal public certificate encrypted with TLS 1.2 or higher, may be enforced, based on preferences, ensuring that mails sent to a organization’s server traveling via an obligatory and properly encrypted station — or they don’t arrive in any way. In addition, the TLS Reporting SMTP extension sets up a reporting mechanism by which a email server can request daily reports from other email servers regarding the success or failure of emails that have been sent to the valid host’s domain. Both, when combined, will either prevent or help email admins identify SMTP man-in-the-middle attacks against their traffic.