STARTTLS Email Crypto Is Mostly Done Wrong

By ISBuzz Team
Writer, Information Security Buzz | Jun 26, 2018 12:00 pm PST

The Electronic Frontier Foundation (EFF) announced a new project named STARTTLS Everywhere that aims to provide guidance to server administrators on how to set up a proper email server that runs STARTTLS the correct way. According to this report, it’s mostly done wrong.

STARTTLS Everywhere is similar to Let’s Encrypt, another pro-encryption initiative the EFF launched together with Mozilla and Cisco two years ago. Ilia Kolochenko, CEO and Founder at High-Tech Bridge, commented below.

Ilia Kolochenko, CEO and Founder at High-Tech Bridge:

“It’s a laudable initiative that’s been necessary for a while already. At High-Tech Bridge, we acknowledge the global problem of poor email encryption, as we provide a free service to test SSL/TLS encryption of any email servers. So far, over 30 million servers were tested. One can also verify if his or her email server encryption settings are compliant with PCI DSS, HIPAA and NIST guidelines. This can help improve the current situation when as few as 14.5% of email servers have an A score for SSL/TLS (stats and details:”