====STARTTLS or "Opportunistic TLS"====
{{Main|Opportunistic TLS|Email encryption}}
The STARTTLS extension enables supporting SMTP servers to notify connecting clients that they support [[Transport Layer Security|TLS]]-encrypted communication and offers clients the opportunity to upgrade their connection by sending the STARTTLS command. Servers supporting the extension do not inherently gain any security benefit from implementing it on its own, as upgrading to a [[Transport Layer Security|TLS]]-encrypted session depends on the connecting client deciding to exercise this option, hence the term [[Opportunistic TLS|''opportunistic'' TLS]]. STARTTLS is effective only against passive observation attacks, since the STARTTLS negotiation happens in plain text and an active attacker can trivially remove STARTTLS commands. This type of [[man-in-the-middle attack]] is sometimes referred to as [[STRIPTLS]], where the encryption negotiation information sent from one end never reaches the other. In this scenario both parties take the invalid or unexpected responses as an indication that the other does not properly support STARTTLS, defaulting to traditional plain-text mail transfer.<ref name=":0">{{Cite web|url=https://www.hardenize.com/blog/mta-sts|title=Introducing MTA Strict Transport Security (MTA-STS) {{!}} Hardenize Blog|website=www.hardenize.com|access-date=2019-04-25|archive-date=April 25, 2019|archive-url=https://web.archive.org/web/20190425063147/https://www.hardenize.com/blog/mta-sts|url-status=live}}</ref> Note that STARTTLS is also defined for [[Internet Message Access Protocol|IMAP]] and [[Post Office Protocol|POP3]] in other RFCs, but these protocols serve different purposes: SMTP is used for communication between message transfer agents, while IMAP and POP3 are for communication between end clients and message transfer agents.

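As an added illustration of the negotiation described above (example code, not part of the article or of any SMTP implementation): the client-side logic that parses the server's EHLO reply, checks whether the STARTTLS keyword is advertised, and decides, under either an opportunistic or an enforced policy, whether to upgrade, fall back to plain text, or abort. The EHLO replies, the host names and the "stripped" variant are constructed inputs; the reply codes follow RFC 3207 and RFC 5321.

```python
"""Parse an SMTP EHLO reply and decide whether a session upgrades to TLS.

Added example, not from the Wikipedia article. It models the client side of
RFC 3207 STARTTLS: the server advertises STARTTLS in its EHLO reply, the
client sends STARTTLS and expects a 220 reply before the TLS handshake. The
sample replies below are constructed, and 'mail.example.net' is a placeholder.
"""
from enum import Enum


class TlsPolicy(Enum):
    # Upgrade when offered, otherwise carry on in plain text (classic opportunistic TLS).
    OPPORTUNISTIC = "opportunistic"
    # Refuse to send without TLS, the behaviour an MTA-STS 'enforce' policy asks for.
    ENFORCED = "enforced"


def parse_ehlo(reply):
    """Return {EXTENSION: [params]} from a multi-line EHLO reply.

    RFC 5321: every line starts with '250'; continuation lines use '250-',
    the final line uses '250 '. The first line is the greeting, not an extension.
    """
    lines = reply.splitlines()
    if not lines:
        raise ValueError("empty EHLO reply")
    extensions = {}
    for index, line in enumerate(lines):
        if len(line) < 4 or not line.startswith("250") or line[3] not in "- ":
            raise ValueError("malformed EHLO reply line: %r" % line)
        if index > 0:
            parts = line[4:].split()
            if parts:
                extensions[parts[0].upper()] = parts[1:]
        if line[3] == " ":
            break  # final line of the reply; anything after it is ignored
    else:
        raise ValueError("EHLO reply has no terminating '250 ' line")
    return extensions


def decide_session(ehlo_reply, policy, starttls_reply=None):
    """Return 'tls', 'plaintext' or 'abort' for one negotiation.

    starttls_reply is the server's answer to the client's STARTTLS command;
    RFC 3207 defines 220 (ready), 454 (temporarily unavailable) and 501
    (syntax error). None means the client never sent STARTTLS because the
    capability was not advertised.
    """
    advertised = "STARTTLS" in parse_ehlo(ehlo_reply)
    fallback = "plaintext" if policy is TlsPolicy.OPPORTUNISTIC else "abort"
    if not advertised:
        # Either the server really lacks TLS or the capability was stripped in
        # transit: from the reply alone the client cannot tell the two apart.
        return fallback
    if starttls_reply is None or not starttls_reply.startswith("220"):
        return fallback
    return "tls"


# Constructed EHLO reply from a server that supports STARTTLS.
EHLO_WITH_STARTTLS = (
    "250-mail.example.net Hello client.example.org\r\n"
    "250-SIZE 35882577\r\n"
    "250-STARTTLS\r\n"
    "250 ENHANCEDSTATUSCODES"
)
# The same reply as the client would see it after the STARTTLS line was removed in transit.
EHLO_STRIPPED = (
    "250-mail.example.net Hello client.example.org\r\n"
    "250-SIZE 35882577\r\n"
    "250 ENHANCEDSTATUSCODES"
)
READY = "220 2.0.0 Ready to start TLS"
UNAVAILABLE = "454 4.7.0 TLS not available due to temporary reason"


def run_scenarios():
    """Evaluate every combination of server behaviour and client policy."""
    results = {}
    for policy in TlsPolicy:
        results[(policy.value, "advertised")] = decide_session(EHLO_WITH_STARTTLS, policy, READY)
        results[(policy.value, "stripped")] = decide_session(EHLO_STRIPPED, policy)
        results[(policy.value, "refused")] = decide_session(EHLO_WITH_STARTTLS, policy, UNAVAILABLE)
    return results


if __name__ == "__main__":
    for (policy, scenario), outcome in run_scenarios().items():
        print("%-13s %-10s -> %s" % (policy, scenario, outcome))
```

The two policies differ only in what they do when the upgrade does not happen: the opportunistic client continues in plain text, which is exactly the behaviour the STRIPTLS scenario relies on, while the enforced client aborts, so a missing or refused STARTTLS becomes a visible delivery failure rather than a silent downgrade. An enforced policy is what a sending MTA applies once it has learned, out of band through MTA-STS or DANE, that the peer is expected to support TLS.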
In 2014 the [[Electronic Frontier Foundation]] began the "STARTTLS Everywhere" project which, like the "[[HTTPS Everywhere]]" list, allowed relying parties to discover others supporting secure communication without prior communication. The project stopped accepting submissions on 29 April 2021, and the EFF recommended switching to [[DNS-based Authentication of Named Entities|DANE]] and MTA-STS for discovering information on peers' TLS support.<ref>{{cite web |title=STARTTLS Everywhere |url=https://starttls-everywhere.org/ |publisher=EFF |access-date=4 December 2021 |language=en |archive-date=August 9, 2019 |archive-url=https://web.archive.org/web/20190809085808/https://www.starttls-everywhere.org/ |url-status=live }}</ref> {{IETF RFC|8314|}} officially declared plain text obsolete and recommends always using TLS for mail submission and access, adding ports with implicit TLS.