Let’s start with SMTP. Simple Mail Transport Protocol. This is how e-mail gets sent. This is how e-mail makes it from you, to your recipient. When you check your e-mail, you use POP or IMAP to get the e-mail from the server. But when you’re sending e-mail, you use SMTP. SMTP is how your mail client communicates with your mail server, and then how your mail server communicates with other mail servers to deliver your precious e-mail to it’s destination.
SMTP has been around since 1982 and is used everywhere. It works, but it’s lacking in many ways, most of which are out of scope for this posting.
Basically the way it works is:
you write an e-mail to your mother (really, you should be calling your mother, but for the sake of this example, you can e-mail her). You click the send button, and your e-mail client (Maill.app, Outlook, etc…) opens up a connection to your mail server (most likely provided by your ISP) and says “Hi, I’d like to send an e-mail”, your mail server says “ok, go for it.”, and your mail client says “to:[email protected] subject:hi mom body:Mom, I’m outta money and my clothes are all dirty…”. Your mail server then looks up the mail server for mom.com. Then it opens up a connection to the mail server for mom.com. It says “Hi mail server, I have an e-mail for [email protected], here it is: blah blah blah”. Then when your mom checks her e-mail, she sees your e-mail.
Sometimes usernames and passwords are included with this, to identify your rights to send e-mail through a given mail server.
So here is the fundamental issue I’d like to bring up: your username, password, what you write, and who you write to, are all sent, in plain text, between many computers and across many network connections. Intercepting e-mails, usernames, passwords, and more is very simple.
SMTPS is basically SMTP done over SSL. SSL is the same encryption technology used to make using your credit card on web pages safe and secure. This prevents anyone from snooping on your e-mails. Every single major mail client and mail server supports SMTPS. For some reason by default they just use SMTP.
The only reason I can think of for this, is that in order to use SMTPS, each server needs a SSL Certificate. Universally trusted certificates cost money and have to be installed. Self-signed certificates are free and easy to create, however, they don’t guarantee the identity of the server. So I can picture someone saying “since getting a trusted signed certificate can be a pain, we should default to non-encrypted transport, and just use SMTP.”
Here is the problem with that potential logic: let’s assume that instead of the current system, mail servers defaulted to creating self-signed SSL certificates automatically (with the option to install your own validated signed certificates if you have them), and defaulted to providing SMTPS and attempting SMTPS connections before falling back to SMTP if SMTPS is unavailable. It’s true that server identity validation won’t be provided by self-signed certificates, but we don’t have that now, so it’s no real loss. What we would get out of this is automatic encryption for all mail transport, protecting passwords and e-mail contents, with no effort.
Thoughts?
This idea plays into my larger scope thought, slowly being explained here.
Leave a Reply