Google, Yahoo, Comcast, Microsoft, and more want to make sure your emails are safe while in transit.
For all its detractors, email is still one of the most popular ways to communicate in the digital age.
But are your messages secure?
A group of top email providers—Google, Yahoo, Comcast, Microsoft, LinkedIn, and 1&1 Mail & Media Development—teamed up to create a new security standard for how your emails make their way to your inbox.
Their proposal was submitted for consideration late last week to the Internet Engineering Task Force.
At issue is the Simple Mail Transfer Protocol (SMTP), which dates back to the 80s and handles the transfer of email messages in the pre-Internet era.
But it sends things in plain text, making it very easy for hackers to intercept.
A 2002 upgrade known as STARTTLS added a layer of encryption, but it was not widely adopted and also has its flaws: vulernability to man-in-the-middle attacks and encryption downgrades.
The email providers, therefore, are pushing SMTP STS, which checks that the email recipient’s platform policy supports the protocol and that its encryption certificate is authentic before letting your message through.
“SMTP STS is a mechanism enabling mail service providers to declare their ability to receive TLS-secured connections, to declare particular methods for certificate validation, and to request sending SMTP servers to report upon and/or refuse to deliver messages that cannot be delivered securely,” the draft proposal said.
Issued on Friday, the motion expires on Sept. 19, giving the Internet Engineering Task Force six months to mull over the possibilities.
As of Feb. 27, encryption protected 77 percent of requests sent from computers around the world to Google’s servers, up from 52 percent at the end of 2013, according to new figures, the search giant revealed last month.