SMTP STARTTLS Deployments Better than Expected, Facebook Says

Facebook dug into the prevalence of SMTP STARTTLS deployments for email encryption and found that 58 percent of messages are sent encrypted and certificate validation happened without a hitch.

As more service providers understand and embrace the importance of encrypting online communication, certain technologies are being elevated to the forefront of conversations.

Perfect Forward Secrecy and HTTP Strict Transport Security (HSTS) are two that generally top most lists, but another, SMTP STARTTLS, merits attention according to researchers at Facebook.

A report released today includes a plea for organizations to deploy STARTTLS, which in this case is an extension to SMTP that allows clients and servers to encrypt messages. With SMTP STARTTLS, both ends of the conversation must support the extension, or a message is sent in plain text.

Facebook said today that STARTTLS support has achieved “critical mass,” and backs that up with data that indicates 76 percent of unique MX (mail exchange) hostnames that receive email from Facebook such as notifications support the extension. Facebook said that 58 percent of its notification email messages were successfully encrypted and that certificate validation passed for about half of the encrypted email. The other half were opportunistically encrypted, Facebook said.

“It’s clear to us that STARTTLS has achieved critical mass and there is immediate value in deploying it,” Facebook said. “We encourage anyone who has not already deployed STARTTLS to at least deploy it for opportunistic encryption. As more systems support email encryption, the value increases for everyone.”

Facebook uses STARTTLS to encrypt email in transit, yet wanted to test the thinking that the technology isn’t widely deployed using a one-day sample of notification email from its logs.

“Our system attempts to negotiate TLS encryption with every SMTP server it connects to which advertises the STARTTLS capability. If the negotiation is successful, we encrypt the email and send it on,” Facebook said. “If we can’t successfully negotiate, then we send the email unencrypted. We log the results in either case, including the negotiated cipher suite and attributes of the certificate presented by the server when we are successful.”

Facebook learned that strict validation, or completely successful TLS negotiations, happened in 30 percent of cases, while in another 28 percent, opportunistic encryption happened where a TLS cipher suite was negotiated, but the certificate did not pass strict validation.

“These results show that STARTTLS support is widely deployed, but that there are also widespread issues with certificates,” Facebook said.

Far and away, the biggest reason for certificate failure is a mismatch between the cert and the hostname, dwarfing instances where there is an untrusted CA involved, or an expired or self-signed certificate.

Facebook also looked at the strength of cipher suites in its research. Most email is sent with either the ECDHE-RSA-RC4-SHA or DHE-RSA-AES256-SHA cipher suite; either is preferred by most email providers. AES 128-SHA is the next most widely used cipher, but it does not support Perfect Forward Secrecy, which many experts advise should be a default encryption option for new implementations. Most cipher suites, do however, support Perfect Forward Secrecy; 99 percent of email is sent this way.

“We see two high priority areas for improvement,” Facebook said. “First, we encourage the industry to work together to develop better tools for preventing mismatched certificates. Second, we encourage everyone to deploy support for opportunistic encryption via STARTTLS.”

Suggested articles