Gmail Becomes First Major Email Provider To Support MTA-STS, TLS Reporting (zdnet.com)
Google announced today that Gmail has become the first major email provider to support two new security standards, namely MTA-STS and TLS Reporting. Both are extensions to the Simple Mail Transfer Protocol (SMTP), the protocol through which all emails are sent today. ZDNet reports: The purpose of MTA-STS and TLS Reporting is to help email providers establish cryptographically secure connections between each other, with the main goal of thwarting SMTP man-in-the-middle attacks. The two new standards will prevent this by allowing legitimate email providers to create a secure channel for exchanging emails. For example, SMTP MTA Strict Transport Security (MTA-STS) works by allowing email server admins to set up an MTA-STS policy on their server. This policy allows a legitimate provider to request that external email servers verify the security of an SMTP connection before sending any emails. Minimum requirements, such as forcing external email servers to authenticate with a valid public certificate encrypted with TLS 1.2 or higher, can be enforced, depending on preferences, ensuring that emails sent to a company's server travel through an obligatory and properly encrypted channel -- or they don't arrive at all.
In addition, the TLS Reporting SMTP extension sets up a reporting mechanism through which a legitimate email server can request daily reports from other email servers about the success or failure of emails that have been sent to the legitimate server's domain. Both, when combined, will either prevent or help email server admins identify SMTP man-in-the-middle attacks against their email traffic.
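The policy check described in the summary above, as an added example that is not part of the original story or of any provider's code: it parses a policy in the RFC 8461 text format and decides what a sending server should do with a candidate MX host. The sample policy, the host names and the `tls_cert_valid` flag (standing in for the result of the sender's certificate validation) are constructed assumptions.

```python
# Added example: evaluate an MTA-STS policy (RFC 8461 text format).
# SAMPLE_POLICY and all host names are constructed sample data.
SAMPLE_POLICY = """version: STSv1
mode: enforce
mx: mail.example.com
mx: *.mx.example.net
max_age: 604800
"""

def parse_policy(text):
    """Parse 'key: value' lines; the 'mx' key may repeat."""
    policy = {"mx": []}
    for line in text.splitlines():  # handles both LF and CRLF
        if not line.strip():
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed line: {line!r}")
        key, value = key.strip().lower(), value.strip()
        if key == "mx":
            policy["mx"].append(value.lower())
        else:
            policy[key] = value
    if policy.get("version") != "STSv1":
        raise ValueError("unsupported or missing version")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("invalid mode")
    if policy["mode"] != "none" and not policy["mx"]:
        raise ValueError("policy lists no mx patterns")
    policy["max_age"] = int(policy.get("max_age", ""))  # missing -> ValueError
    return policy

def mx_matches(host, pattern):
    """Exact match, or '*.' wildcard covering exactly one left-most label."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        label, _, parent = host.partition(".")
        return bool(label) and parent == pattern[2:]
    return host == pattern

def delivery_decision(policy, mx_host, tls_cert_valid):
    """Return 'deliver', 'deliver-and-report' or 'refuse'.

    tls_cert_valid is an assumed input: True when the sender's TLS
    handshake produced a trusted certificate matching mx_host.
    """
    ok = tls_cert_valid and any(mx_matches(mx_host, p) for p in policy["mx"])
    if ok or policy["mode"] == "none":
        return "deliver"
    # 'testing' still delivers but the failure goes into the TLS report.
    return "refuse" if policy["mode"] == "enforce" else "deliver-and-report"
```
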
You're not even trying. (Score:5, Insightful)
Two front-page dupes in the same day.
Aren't your Arabian overlords paying you enough to get decent sleep and / or caffeine?
I know dupes are a time-honored /. tradition, but for fuck's sake, people... y'know, never mind. Par for the course for the 21st century. No one gives a fuck about quality anymore.
Re: (Score:3, Insightful)
That's because BeauHD is fucking retarded.
"Do you not have editors?!" (Score:2)
Yeah, yeah, the meme of /. "editors" being useless continues for another year.
Re: (Score:2)
It's not a meme when it's true, and not funny.
Duuuuuuuuuupe!!! (Score:2)
And I repeat...
Duuuuuuuuuupe!!!
Re: (Score:1)
Skeptic in me says they have ulterior motives (Score:1)
Such as cornering the market for harvesting e-mail content to sell us more targeted ads. Just my opinion.
more interested in tech to secure it from google (Score:2)
premise is wrong (Score:4, Insightful)
Man in the middle absolutely not the big problem in "today's email landscape". Company email servers not getting invalid MX lookups to other business. Spam, malware and phishing emails are the problem. Let's eliminate that first before worrying about this chickenshit little problem.
Spam is NOT a technical problem (Score:2)
As usual, the technology remains morally neutral, but another technical bandage is NOT a real solution. Just another flavor of "Live and let spam", and the REAL objective of such weak-@ssed technical approaches is to deny liability for any harms done.
The specific aspect of spam that bugs me most is the time wasted. If the google was liable for all the time wasted by their support of spam, I think they'd be bankrupt, even at minimum wage rates. Other people might be more annoyed by the abuse of corporate rep
Protects your content (Score:1)
What about encrypted email? (Score:2)
What they're really saying? (Score:1)
Sounds like what they're really saying is they're enforcing certificates. No certificate, no e-mail. Certificate that's not signed by a valid CA, no e-mail. If you check out - you can send e-mail to us.
I'm surprised that they're the first ones to do this and so late. They were tough to send mail to even years ago.
"Now, let's talk about the lien being put on your house by the IRS." A woman actually used that with me on the phone recently. I was on to her of course.