Gmail Becomes First Major Email Provider To Support MTA-STS and TLS Reporting

Google announced this week that Gmail has become the first major email provider to support two new security standards, namely MTA-STS and TLS Reporting. From a report: Both are extensions to the Simple Mail Transfer Protocol (SMTP), the protocol through which all emails are sent today. The purpose of MTA-STS and TLS Reporting is to help email providers establish cryptographically secure connections between each other, with the main goal of twarthing SMTP man-in-the-middle attacks. SMTP man-in-the-middle attacks are a major problem for today's email landscape, where rogue email server operators can intercept, read, and modify the contents of people's emails. The two new standards will prevent this by allowing legitimate email providers to create a secure channel for exchanging emails.

It it doesn't use blockchain

[cdsparrow]

I want nothing to do with it!

Re: It it doesn't use blockchain

I don't think google actually listens to emails contrary to what has been said about them

Skeptic in me says they have ulterior motives

[JoeyRox]

Such as cornering the market for harvesting e-mail content to sell us more targeted ads.

Re:Skeptic in me says they have ulterior motives

[s0lar]

Skeptic in me says they have ulterior motives

I am sure they do... yet this feature is not visible to end-user really. Well, they will probably add a little line item or an icon to indicate that the inbound delivery was secured. Yet that has little to do with the email's content which, by definition, is either transferred from GMail's storage or transferred into it.

Re:Skeptic in me says they have ulterior motives

It has to do with making it harder for non-Google / Microsoft / ... companies to host their own mail servers without their legitimate email being rejected by Google / Microsoft / ... servers, therefore making it easier to advocate for mail servers to be outsourced (to them of course).

Re:Skeptic in me says they have ulterior motives

[swillden]

Such as cornering the market for harvesting e-mail content to sell us more targeted ads.

I strongly doubt that the Gmail security team ever thinks about advertising at all. I also doubt that any executive in the advertising division ever heard about this before it launched. The nature of Google is that nearly all of these initiatives are bottom up, with little or no coordination across divisions. If something one group is doing seems like it might actively harm another, then that gets escalated. Otherwise, there's not much central planning, not at this level of detail.

Re:Skeptic in me says they have ulterior motives

[AmiMoJo]

They stopped doing that in 2017. Aside from anything else there were lawsuits over non-Gmail users having their messages scanned when Gmail users received them. The advertising on Gmail, assuming you don't block it, is now based on data from other Google services you use.

Ads injected into your emails when?

"SMTP man-in-the-middle attacks are a major problem for today's email landscape, where rogue email server operators can intercept, read, and modify the contents of people's emails. "

Google/Alphabet does the first two then pinky-swears to not do the third.

Re:Ads injected into your emails when?

[nadass]

They're already working on the AMP for Email standard -- where email self-modify their contents on-the-fly.

Re:Ads injected into your emails when?

Since only "rogue" email server operators do these things, that mere means that one ought to ensure that their chosen email server operator is trustworthy. In any event, I really do not see how any of this will address this "major problem" ... though the existance of this "major problem" is news to me and I have been operating my own SMTP server since Google/Alphabet was just a brown stain running down the crack of its momma's and leaving a stain on the mattress.

Re:Ads injected into your emails when?

Except that they stopped scanning emails and only crazy conspiracy theorists still repeat this nonsense.

Re: Ads injected into your emails when?

Well Mr... Shillington? Shilly McShillington? Really? Anyway, well Mr Shillington, since Google had been scanning peoples email and still do all sorts of creepy privacy-raping monitoring and tracking, its very reasonable to assume in the absence of further information that they're still doing it. Do you have a link to their original official cease announcement? Just interested to see what weasel words were used, if any, to indicate whether its genuine or a figleaf.

Twarthing?

[cyber-vandal]

Come on editors.

Google stops OTHER bad actors from reading email

While this is an improvement, Google's motives are suspect. I suggest instead an end-to-end encryption extension to SMTP. We could call it FU-GOOGLE.

Nothing to see here

[cmaurand]

My servers have been negotiating TLS connections for years. What's all this about?

Re:Nothing to see here

Gmail Becomes First Major Email Provider To Support MTA-STS and TLS Reporting

My servers have been negotiating TLS connections for years.

Are you a "Major Email Provider"?

What's all this about?

Google feeling the heat of protonmail.

Re:Nothing to see here

It's Google (or Microsoft, Mozilla, etc) and therefore BAD!!1

Re:Nothing to see here

[s0lar]

Are you sure that you are talking about the server-to-server connections rather than client-to-server ones? The latter have been using TLS for a long time, yes.

Re:Nothing to see here

[caseih]

Yes, server to server. My postfix server has been attempting to StartTLS on every outgoing port 25 connection to other mail servers. Many servers (but not all) will speak TLS on port 25.

Re: Nothing to see here

Mta-sts allows you to signal to senders that you only want to receive mail over TLS with a valid cert.

Re:Nothing to see here

[Justus]

MTA-STS is analogous to HSTS (HTTP Strict Transport Security). It's a way for MTAs to express that a connection _must_ be encrypted, so if your server connects and attempts a StartTLS that fails, you can distinguish between "doesn't support TLS" and "something fishy is going on." In the latter case the server can avoid sending mail through a possibly-compromised connection.

TLS Reporting is an extension whereby MTA operators can get reports from other MTAs on which mails succeeded or failed. That is, it lets you see how many mails weren't sent due to MTA-STS failures, which could give you an indication that someone is attempting to attack your users.

Re:Nothing to see here

This is to make it so that you *HAVE* to by "approved" TLS certificates from *approved* certificate authorities, and you now HAVE TO ALSO RUN an HTTPS server (with appropriate *approved* TLS certificates from *approved* certificate authorities)., and accept and execute third-party code and accept, process, and store unsolicited email messages which may contain huge amounts of data and/or unsolicited HTTPS POSTS "from anywhere".

In other words it is some johhny-cum-latelys who read on a cereal box that e-mail transport is insecure and they want to "fix" that by adding complication rather than addressing the actual problem.

These are the same idiots that thought that DKIM would "fix" the spam problem (rather than just resulting in spam being DKIM signed).

Re:Nothing to see here

[swillden]

My servers have been negotiating TLS connections for years. What's all this about?

What do your servers do when they attempt to negotiate a TLS connection with another SMTP server, but the other server doesn't appear to support TLS? Do they refuse to connect and deliver email? Or do they shrug and deliver it anyway?

The latter is what you have to do, because not every SMTP server supports TLS. MTA-STS provides a way for your server to check whether a given remote server is expected to support TLS. If yes, and if the TLS negotiation fails, your server can safely assume that something funny is going on and refuse to deliver the mail. If no, then your server can safely assume that the remote server probably really doesn't support TLS, and that probably nothing funny is going on.

The root problem is that TLS can only defend against active attacks if it's mandatory. As long as the sending server is willing to fall back to a non-TLS connection, then TLS does nothing against active attacks. It still protects against passive eavesdropping, so it's not useless, but it's much less useful. Being able to know for sure when you should demands TLS fixes this -- at least for the servers that support TLS and advertise the fact through MTA-STS.

Re:Nothing to see here

[marka63]

Well our servers use DANE and TLSA records so they don't fallback if the site has published the record.

MTA-STS depends on DNSSEC working while, paradoxically, claiming it is needed to avoid DNSSEC. Go analyse the protocol.

The majority of the worlds authoritative server to recursive server DNS lookups are DNSSEC validated today though the result of that validation may be "insecure". MTA's that support DANE also validate DNS responses. There was never a need for MTA-STS. Just deploy DANE. It isn't subject to the attacks MTA-STS is.

What is the bloody point?

No matter how secure the pipelines, it still ends up at Google? If you are worried about security, you should not be using their data-harvesting services in the first place!

who cares

They can support Support MTA-STS and TLS Reporting all they want. Inbox was still better.

Re: who cares

A persistent myth

How much is a twarthing?

Is that worth two farthings?

Transport or Network layer Encryption

[ironicsky]

I keep thinking, we keep creating application and service level encryption to protect data transmission - but why not at the stack level, or one level deeper - the transport or network layer? Each physical network device should create a public/private key encrypted connection per remote host they are connecting to, and store that key in an on-chip storage that gets orphaned or erased when the connection closes.

It seems to me that if we added a deeper level of strong encryption to the physical devices then application level encryption becomes a 2nd level of protection as redundancy. I'm sure people much smarter than me have thought of this, but why has it not become standard?

Re:Transport or Network layer Encryption

[cdsparrow]

Good luck getting any hardware manufacturers getting something like that made on any large scale. Countries don't want encrypted communications.

Re:Transport or Network layer Encryption

Something like opportunistic IPSEC? https://libreswan.org/wiki/HOWTO:_Opportunistic_IPsec_using_LetsEncrypt

CA's and DANE better

Rather than relying on "trusted" CA's, many in countries known for hacking/cracking, we use our own full featured CA and support validation of our email certificates using DANE in our authoritative DNS.

Simply insist on STARTTLS and promote an approach that's close to current technology.

Any non-end-to-end encryption is crap

[ffkom]

Why would I want to secure only segments of the information transfer when this means there are still plenty of points where adversaries can tamper with my email? The better solution has been around for decades already, it's called end-to-end encryption, and implemented for example by GPG.

Re:Any non-end-to-end encryption is crap

Why would I want to secure only segments of the information transfer when this means there are still plenty of points where adversaries can tamper with my email? The better solution has been around for decades already, it's called end-to-end encryption, and implemented for example by GPG.

Because masses of clueless morons hate learning new things so they won't put in the small effort it would take to learn how to use GPG. These are people who will actively resist learning. They are willing to put more effort into resisting it than the learning itself would require. They vastly outnumber the clueful. As you say, end-to-end encryption has been around for decades. There's a reason it's not already standard.

This is simply the reality that some progress is better than no progress. The one good thing about this approach is that it only depends on a few clueful people to implement.

Re:Any non-end-to-end encryption is crap

Why would I want to secure only segments of the information transfer when this means there are still plenty of points where adversaries can tamper with my email? The better solution has been around for decades already, it's called end-to-end encryption, and implemented for example by GPG.

Because masses of clueless morons hate learning new things so they won't put in the small effort it would take to learn how to use GPG. ...

Google, and other webmail providers, could implement GPG and/or S/MIME support in their web clients. Javascript to do all the work already exists. Storage of the certs is a minor issue, but gmail could store them server side and encrypt with the users password (PBKDF2 or similar applied first), or store them in HTML5 Web Storage on the users machine (possibly a configurable option - like,"Are you connecting from a public computer" type of thing). They could start by signing all emails, which would allow all recipients everywhere to detect if the message was tampered with (or it'd be tampered with and have the sig stripped).

If they did that, it'd take off. Stuff like HSTS (HTTP Strict Transport Security) would be added to indicate "email from this user should always include a crypographic sig, so alert if it doesn't". Once connections are mapped, gmail (and others) would know which recipients can accept an encrypted message, and could offer that, or enable it by default when possible. And this would all work fine with standard clients as well.

Google is in a tough spot here. They want to be good and add security, but they can't do anything that'd gut their only revenue option with email... if they did end-to-end encryption, they wouldn't be able to read your email and sell info for advertisers. So instead of doing the right thing, they're adding bunches of more convoluted and less standard stuff. This has little to do with how ignorant the masses are - we need to make it transparent for them to use this stuff.

Re:Any non-end-to-end encryption is crap

Well, had you read the article, the aim is to get the other providers onboard. Then, there will be a reason for smaller ISPs to support it (that's if they want their customer's email delivered).

It still isn't end-to-end. That's where S/MIME, PEM, and PGP mail come into play (we'd need all mail clients to support them, however).

I don't know what the rate of MITM attacks on SMPT servers is, but somebody thinks it's clearly a problem not having encrypted or authenticated channels.

Re:Any non-end-to-end encryption is crap

[AmiMoJo]

Thanks to Snowden we know that the NSA likes to collect and attack email in transit between servers, and doubtless it's popular with other spy agencies. This largely fixes those vulnerabilities.

Consider that it's much riskier for the NSA to infiltrate data centres to get at these emails now. The risk of detection is much higher, compared to simply sniffing them off the wire on some anonymous backbone router somewhere.

Re:Any non-end-to-end encryption is crap

Google is in a tough spot here. They want to be good and add security, but they can't do anything that'd gut their only revenue option with email... if they did end-to-end encryption, they wouldn't be able to read your email and sell info for advertisers. So instead of doing the right thing, they're adding bunches of more convoluted and less standard stuff. This has little to do with how ignorant the masses are

You really don't see the connection there?

Re:Any non-end-to-end encryption is crap

[Lost+Race]

Encrypting email "end-to-end" (i.e. at the MUA) leaves the envelope unencrypted, because the MTA needs that info to deliver the message. SSL prevents snooping of the envelope info between MTAs.

Why?

[Actually,+I+do+RTFA]

Normally, when I consider "protecting my information from eavesdropping", the eavesdroppers I'm concerned about are Google (or Facebook, or Amazon, or similar companies.)

Good technically, but still Orwellian branding

It's another attempt by Google to confuse the market that they value your privacy, by pushing encryption of in-transit private user data to their very not-private email servers.

Previously they forced Https on sites or downgraded them in search results for jon-compliance.

Don't get me wrong. You can't trust the SOBs running the wires anymore, so transport encryption isn't a bad idea. I have had opportunistic SMTP-TLS (and DMARC reporting) on my mail servers for years, and notably, gmail was one of the first doing it consistently.

Google's Orwellian marketing is depressingly brilliant at their branding work here.

Twarthing attacks

[Spazmania]

I too wish to twarth attacks. If you ask nicely, I might even try to thwart them.

Spam is still not a technical problem

[shanen]

Yep, I didn't realize it was a dupe either, but I'll repost the same comment:

As usual, the technology remains morally neutral, but another technical bandage is NOT a real solution. Just another flavor of "Live and let spam", and the REAL objective of such weak-@ssed technical approaches is to deny liability for any harms done.

The specific aspect of spam that bugs me most is the time wasted. If the google was liable for all the time wasted by their support of spam, I think they'd be bankrupt, even at minimum wage rates. Other people might be more annoyed by the abuse of corporate reputations. Or maybe you're annoyed by the abuse of personal information? Or the entry-level-crime argument, especially for phishing and identity theft?

Anyway, I always want to see the solutions. So what am I doing on Slashdot these years?

My favored solution approach is to go after the spammers' business models. There's even an obvious proof of concept. Where is all your pump-and-dump stock-scam spam? Gone, gone, gone. Because they went after those spammers' business model--though only after several research papers proved that the scam worked so well it was like printing money.

Why aren't such approaches being adopted? My theory is because they'd have to work with us. To really fight the spammers effectively they'd need to collaborate with the potential victims. One part of it is that we are the only ones who know our side of the targeting. It doesn't matter how good the spam looks if I actually know that I've never done business with that bank, eh? But the bigger part is that they don't want to reveal how much of our personal information they are already holding. They don't have to ask me for such categories of information because they probably have all the details already. Probably even the account numbers.