Google, Microsoft, Yahoo, Comcast and LinkedIn have joined forces to create a new email mechanism that makes sure the messages you send are encrypted. In the proposal they’ve submitted to the Internet Engineering Task Force, these tech titans called their creation SMTP Strict Transport Security (SMTP STS). See, the underlying technology behind email has remained largely unchanged since it first became available. An encryption system was introduced some time ago — and big email providers like Gmail do use it — but it’s susceptible to man-in-the-middle attacks.
For instance, a hacker could insert a fake digital certificate, and the system would recognize it as authentic. That means you could end up sending email to an unsecured server without knowing it. Further, the system could continue sending your message even if it detects that the server isn’t secure.
The new system can prevent either scenario from happening. It checks if the domain you’re sending to supports SMTP STS and makes sure its encryption certificate is authentic and up to date. If everything checks out, it allows your message to go through. But if it detects something suspicious, it will stop the email from being sent and will notify you of the reason.
It’s safe to say that the companies involved will incorporate the technology into their services if it gets approved — it’s their engineers’ creation, after all. In that case, the share of encrypted messages sent out and received by Gmail could go up from 83 and 69 percent, respectively, to a hundred percent.
Source: Internet Engineering Task Force