This may startle you: There’s a way to increase security on your email servers.
It’s a protocol whose origins date back to 1999, but if everyone with a mail server adopted it, it would go a long way to making sure email is more secure.
It’s an extension to the SMTP mail transfer protocol called STARTTLS (short for “SMTP Service Extension for Secure SMTP over TLS”).
Norwegian security consultant Per Thorsheim discusses this in a column published this week.
Briefly, the service offers email encryption between two mail servers.
Few servers offer STARTTLS support, he writes, based on a 2010 study of tens of thousands of domains in Norway. Those that did often had badly configured or expired SSL certificates.
Is this a complete defence to email interception? Maybe not, but it’s something a lot of organizations should look into for enhancing their defences. And the more organizations that adopt STARTTLS, the more effective it will be.
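One way to check a mail server you run for the two problems described above: no STARTTLS on offer, or a certificate that is expired or misconfigured. This is an added example, not code from the column or this post; the hostname and the EHLO reply in it are constructed placeholders.

```python
import smtplib
import ssl
import time

# Constructed EHLO reply (placeholder hostnames), as it appears on the wire.
SAMPLE_EHLO = (
    "250-mail.example.org Hello client.example.net\r\n"
    "250-SIZE 52428800\r\n"
    "250-8BITMIME\r\n"
    "250-STARTTLS\r\n"
    "250 HELP\r\n"
)

def advertises_starttls(ehlo_reply: str) -> bool:
    """True if a raw multiline 250 reply to EHLO lists the STARTTLS keyword."""
    # The first line is the server greeting; extension keywords follow it.
    for line in ehlo_reply.splitlines()[1:]:
        # Each line is "250-<keyword> [params]"; the last one uses "250 ".
        if line[:3] == "250" and line[3:4] in ("-", " "):
            words = line[4:].split()
            if words and words[0].upper() == "STARTTLS":
                return True
    return False

def days_until_expiry(not_after: str, now=None) -> float:
    """Days left on a certificate, given the notAfter string from getpeercert()."""
    now = time.time() if now is None else now
    return (ssl.cert_time_to_seconds(not_after) - now) / 86400

def audit_mx(host: str, port: int = 25, timeout: float = 10.0) -> dict:
    """Report whether a mail server offers STARTTLS and presents a valid certificate."""
    report = {"starttls": False, "cert_valid": False, "days_left": None, "error": None}
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.ehlo()
            if not smtp.has_extn("starttls"):
                return report
            report["starttls"] = True
            # The default context verifies the chain, the hostname and the dates.
            smtp.starttls(context=ssl.create_default_context())
            report["cert_valid"] = True
            cert = smtp.sock.getpeercert()
            report["days_left"] = days_until_expiry(cert["notAfter"])
    except ssl.SSLCertVerificationError as exc:
        report["error"] = exc.verify_message  # expired, self-signed, name mismatch
    except (smtplib.SMTPException, OSError) as exc:
        report["error"] = str(exc)
    return report
```

Call `audit_mx()` with the name of your own mail exchanger; a report with `starttls` true but `cert_valid` false is the badly configured case the study describes.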
I’d like to hear from you about this idea and whether it’s practical. Leave a reply in the space below.