Updated Transport Layer Security (TLS) Server Identity Check Procedure for Email-Related Protocols

Melnikov, Alexey

doi:10.17487/rfc7817

Cited by 7 publications

(8 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…• The STARTTLS extension [16], [19] to SMTP allows the use of TLS in communications between SMTP clients and servers. Specifically for MTA-to-MTA communication, every inbound MTA that supports this extension announces it by including the keyword "STARTTLS" in the response to the SMTP Extended Hello ("EHLO") command issued by the outbound MTA.…”

Section: B Email Security Standardsmentioning

confidence: 99%

What Email Servers Can Tell to Johnny: An Empirical Study of Provider-to-Provider Email Security

2020

View full text Add to dashboard Cite

With hundred billions of emails sent daily, the adoption of contemporary email security standards and best practices by the respective providers are of utmost importance to everyone of us. Leaving out the user-dependent measures, say, S/MIME and PGP, this work concentrates on the current security standards adopted in practice by providers to safeguard the communications among their SMTP servers. To this end, we developed a non-intrusive tool coined MECSA, which is publicly available as a web application service to anyone who wishes to instantly assess the security status of their email provider regarding both the inbound and outbound communication channels. By capitalising on the data collected by MECSA over a period of 15 months, that is, ≈7,650 assessments, analysing a total of 3,236 unique email providers, we detail on the adoption rate of state-of-the-art email security extensions, including STARTTLS, SPF, DKIM, DMARC, and MTA-STS. Our results indicate a clear increase in encrypted connections and in the use of SPF, but also considerable retardation in the penetration rate of the rest of the standards. This tardiness is further aggravated by the still low prevalence of DNSSEC, which is also appraised for the email security space in the context of this work.

show abstract

Section: B Email Security Standardsmentioning

confidence: 99%

What Email Servers Can Tell to Johnny: An Empirical Study of Provider-to-Provider Email Security

2020

View full text Add to dashboard Cite

show abstract

“…Clients MUST implement the certificate validation mechanism described in [RFC7817]. Once the TLS session is established, POP3 [RFC1939] protocol messages are exchanged as TLS application data for the remainder of the TCP connection.…”

Section: Implicit Tls For Popmentioning

confidence: 99%

“…Clients MUST implement the certificate validation mechanism described in [RFC7817]. o All Mail Access Servers and Mail Submission Servers implementing TLS SHOULD log TLS cipher information along with any connection or authentication logs that they maintain.…”

Section: Implicit Tls For Imapmentioning

confidence: 99%

“…Mail servers supporting the SNI need to support the post-SRV hostname to interoperate with MUAs that have not implemented [RFC6186]. For more discussion of this problem, see Section 5.1 of [RFC7817].…”

Section: Tls Server Certificate Requirementsmentioning

confidence: 99%

“…The certificates for these servers are verified using the rules described in [RFC7817] and PKIX [RFC5280]. In the event that the certificate does not validate due to an expired certificate, a lack of an appropriate chain of trust, or a lack of an identifier match, the MUA MAY offer to create a persistent binding between that certificate and the saved hostname for the server, for use when accessing that account's servers.…”

Section: Certificate Pinningmentioning

confidence: 99%

See 2 more Smart Citations

Cleartext Considered Obsolete: Use of Transport Layer Security (TLS) for Email Submission and Access

Newman¹,

Moore²

2018

View full text Add to dashboard Cite

Bibliography

2020

IP Address Management

View full text Add to dashboard Cite

Updated Transport Layer Security (TLS) Server Identity Check Procedure for Email-Related Protocols

Cited by 7 publications

References 21 publications

What Email Servers Can Tell to Johnny: An Empirical Study of Provider-to-Provider Email Security

What Email Servers Can Tell to Johnny: An Empirical Study of Provider-to-Provider Email Security

Cleartext Considered Obsolete: Use of Transport Layer Security (TLS) for Email Submission and Access

Bibliography

Contact Info

Product

Resources

About