SMTP Health Campaign

enforce STARTTLS and verify MX certificates

Dear postmasters

Email is dying, and for a good reason: SMTP is kept insecure all around the world. As of 2021, the large majority of Mail eXchangers are still not enforcing STARTTLS nor providing a valid DANE or PKIX certificate. And even those few outbound MTAs which do enforce STARTTLS, mostly won’t verify the certificate on the other end, either.

Opportunistic STARTTLS is defeated with MITM attacks by simply downgrading to plain-text, and the horrific trust-any default policy gets defeated by any self-signed or private certificate in the middle.

Let us enforce inbound / outbound STARTTLS and Mail eXanger certificate verification, shall we?

Please KISS

MTA-STS is NOT a solution. Outbound MTA which don’t talk STARTTLS to their peers would also omit to check for an _mta-sts record. This is nonsense from Google and Microsoft at the IETF, as usual. Using an additional protocol (namely HTTP itself protected by PKIX) for securing SMTP does not enforce ESMTPS, still, let alone certificate validation.

Go through the burden of implementing and enabling MTA-STS if you wish, but unless you make STARTTLS and a valid trust chain mandatory at the SMTP level, some clear-text messages will pass through your network pipes.

Proposed practice

MX (inbound MTA):

• Enforce STARTTLS
• Deploy valid server certificate(s) with either PKIX or DANE (possibly multiple certificates)
• Allow TLS v1.0 onwards and provide an RSA certificate for backward compatibility

• Eventually tune the error message: 530 5.7.0 Must issue a STARTTLS command first (see https://nethence.com/smtp/)

Outbound MTA:

• Enforce STARTTLS
• Make sure your PKIX CA trust store is well defined and kept up-to-date
• Enforce PKIX and DANE for MX certificate verification
• Allow TLS v1.0 onwards for backward compatibility
• Eventually tune the error message: Recipient's Mail eXchanger does not offer STARTTLS capability (see https://nethence.com/smtp/)

And as an email user, you can mention that your email is secured by referring to this page, for example as user@example.net (STARTTLS). You can also tune your email signature exempli gratia as follows. Don’t forget the empty space after the signature dashes:

-- 
(casual signature)
SMTP Health Campaign: enforce STARTTLS and verify MX certificates
<https://nethence.com/smtp/>

Public network survey

• Jan 2020 (last year)
• Jan 2021 (on-going…)

Resources

THE SAD STATE OF SMTP ENCRYPTION https://blog.filippo.io/the-sad-state-of-smtp-encryption/

A system for ensuring & authenticating STARTTLS encryption between mail servers https://github.com/EFForg/starttls-everywhere

POSTFIX AND STARTTLS https://pub.nethence.com/mail/postfix-tls

Let’s tune our cipher suites https://pub.nethence.com/security/ciphers

Strong Ciphers (see Other Software section) https://syslink.pl/cipherlist/

Applied Crypto Hardening https://bettercrypto.org/