UPDATED 13:42 EST / MARCH 21 2016

NEWS

Google, Microsoft and other tech giants team up to fix email security

The proportion of inbound messages that arrive in Gmail properly encrypted has jumped from 50 percent to nearly 70 percent over the past two years, a figure that Google Inc. expects will continue to increase as providers around the world strengthen their security capabilities. But the remaining emails that are still being sent in a plain-text format leave user privacy at serious risk. After years of quietly chipping away at the issue, the search giant and a handful of other web giants are taking the matter into their own hands with a new initiative targeting the outdated technology at the crux of the matter.

The Simple Mail Transfer Protocol (SMTP) has powered most of the world’s email communications since the early 1980s, when the Internet was still a novelty reserved exclusively for government agencies and schools. It’s been revised numerous times since, most recently in 2008, yet has failed to keep up with the fast-evolving security requirements of the modern web. As a result, users are not afforded any sort of inherent protection against the hackers and other prying eyes interested in compromising their private messages. Google, Microsoft Corp., Yahoo Inc. and the three other participants in today’s newly announced effort are proposing to enhance the technology with a specialized security mechanism that can guarantee an email is only read by its intended recipient.

It’s the same goal the companies sought to realize a few years ago with STARTTLS, an extension for SMTP that can automatically apply encryption to messages sent in a plain text format. The mechanism was adopted by several major email providers at the time, but ultimately fell short of changing the status quo due to its loose enforcement approach: The software allows communications to pass unhindered through an unsecure connection if it fails to kick into effect for some reason. And the user isn’t even notified about the issue after the fact, which means that hackers effectively have free reign to intercept data.

In contrast, the new alternative that Google and its partners are now proposing prevents messages from being transmitted if it’s unable to establish an encrypted connection. SMTP STS, as the mechanism is called, also requires the server on the receiving end to verify its legitimately and lets the user know exactly why their their email is blocked in the event of a problem. The functionality can thus effectively cut off a negligent provider from peers that use the extension, which should provide a strong incentive to implement effective privacy controls.

SMPT STS is set to have a particularly big impact on consumers in developing countries, where email providers are often slower to adopt new standards than their Western counterparts. The prospect of being unable to process messages from Gmail, Exchange and Yahoo Mail should persuade even the most stubborn company to catch up with the times.  First, however, Google and its partners will need to have the standard approved by the Internet Engineering Task Force, a process that will likely take some time.

Image via Pixelcreatures

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU