Internet Service Providers Stripping STARTTLS Flag

According to the Electronic Frontier Foundation a number of Internet Service Providers are stripping the STARTTLS flag from their customer's email sessions. STARTTLS is a protocol that encrypts emails between origin and destination servers, but leaves the plaintext contents of email completely accessible on the servers. The property of STARTTLS which allows ISPs to deny their customers to use it is explicitly baked into the protocol.

To begin a STARTTLS session a flag must be transmitted in plaintext. This means that it can be stripped out of the communication with common network equipment and configurations between the communications endpoints. Doing this is often promoted as a measure to assist in the fight to control spam volumes. What happens in the absence of the flag though is that both parties continue communicating as though STARTTLS isn't a thing, and transmissions continue to happen in plaintext.

The actual impact of Internet Service Providers stripping this flag should be very small for two reasons:

  1. With any protocol with as many inbuilt, intermediary points of failure as STARTTLS its absence should be assumed. Any success it might have is just a bonus.
  2. Strong end to end encryption for email exists.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>