EFF's Mission to Make Email Servers More Secure
Email security starts with system admins.
Email security is crucial for organizations, both public and private, and the non-profit digital rights group Electronic Frontier Foundation is leading the charge to make email servers more secure.
The organization announced Monday its new project, "STARTTLS Everywhere." It aims to help server admins run STARTTLS email servers correctly, Engadget reports.
STARTTLS is a protocol that sets up a communications channel between two servers, using certificates. It encrypts and decrypts email as it is sent. It has been around since 1999, so IT professionals are plenty familiar with the security method. According to Google, it's operational on almost 90 percent of online email servers. According to the EFF, it's often done incorrectly.
"The ecosystem is stuck in a sort of chicken-and-egg problem: no one validates certificates because the other party often doesn’t have a valid one, and the long tail of mailservers continue to use invalid certificates because no one is validating them anyway," write Sydney Li and Jeremy Gillula of the EFF.
This leaves a big security gap.
EFF isn't alone in this mission, either. The Homeland Security Department recently required agencies to secure their email through DMARC and STARTTLS.
So what does the initiative do, besides raise awareness? The EFF provides software that system admins can run on their email servers to get a valid certificate from Let's Encrypt. The software will also configure the email server's software to present the certificate to other servers.
The software will also have a list of other email servers known to support STARTTLS, which helps servers better detect attacks.
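How a list of known STARTTLS servers can turn a missing STARTTLS offer or a bad certificate into a detectable event is sketched below. This is an added example, not the EFF's software: the policy structure, function names, reason strings and sample SMTP replies are all constructed for illustration.

```python
# Constructed policy list: recipient domains known to support STARTTLS and
# the MX hostname suffixes expected for them (hypothetical structure, not
# the EFF's list format).
KNOWN_STARTTLS = {
    "example.org": [".mx.example.org"],
}

# Constructed EHLO replies: one as the real server sends it, and one where
# the STARTTLS line was removed somewhere on the path.
NORMAL_REPLY = "250-mx1.mx.example.org\r\n250-PIPELINING\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
STRIPPED_REPLY = "250-mx1.mx.example.org\r\n250-PIPELINING\r\n250 8BITMIME\r\n"


def ehlo_extensions(reply):
    """Parse a multi-line SMTP EHLO reply into a set of extension keywords."""
    exts = set()
    for line in reply.strip().splitlines()[1:]:  # first line is the greeting
        if not line.startswith("250"):
            continue
        parts = line[4:].split()  # skip "250-" or "250 "
        if parts:
            exts.add(parts[0].upper())
    return exts


def check_delivery(domain, mx_host, ehlo_reply, cert_valid):
    """Decide whether to deliver, returning (deliver, reason).

    cert_valid is the outcome of the TLS library's certificate and hostname
    verification; False also covers the case where no handshake took place.
    """
    offers_tls = "STARTTLS" in ehlo_extensions(ehlo_reply)
    suffixes = KNOWN_STARTTLS.get(domain.lower())
    if suffixes is None:
        # Not on the list: fall back to opportunistic behaviour.
        reason = "opportunistic-tls" if offers_tls else "opportunistic-plaintext"
        return (True, reason)
    if not any(mx_host.lower().endswith(s) for s in suffixes):
        return (False, "unexpected-mx")
    if not offers_tls:
        # A listed server that stops offering STARTTLS is a red flag.
        return (False, "starttls-missing")
    if not cert_valid:
        return (False, "invalid-certificate")
    return (True, "verified-tls")
```

For a domain that is not on the list, the same stripped reply is accepted and the mail goes out in plaintext, which is the gap the list closes.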