STRIPTLS Attacks and Email Security

Major email providers such as Google, Yahoo, and Outlook encrypt and authenticate their email. Not every organization has followed these best practices. Organizations that run their own mail servers use SMTP (Simple Mail Transfer Protocol), the Internet standard for email transmission. Unfortunately, SMTP was not designed with encryption or authentication in mind, so the security of SMTP email depends entirely on how the server's extensions are configured. Extensions added later (STARTTLS, DKIM, DMARC, and SPF) supply the transport encryption and sender authentication that SMTP lacks, but retrofitted security comes with difficulties of its own.

According to new research by Elie Bursztein and colleagues, 82% of the roughly 700,000 SMTP servers behind the Alexa Top Million domains support TLS, yet only 35% have a certificate configured correctly for server authentication. Low adoption of encryption and authentication, combined with misconfiguration where they are deployed, is what makes a STRIPTLS attack possible.

STRIPTLS Attacks

STARTTLS, introduced for SMTP in 2002 (RFC 3207), was meant to protect server-to-server SMTP connections against passive monitoring using "opportunistic encryption." If properly configured, the exchange runs as follows: the client connects to the intended SMTP server and sends EHLO, the server advertises STARTTLS among its capabilities in the EHLO response, the client sends the command "STARTTLS", the server answers with a 220 reply, and the two complete a TLS handshake. Every message between the two for the rest of that session is then encrypted.

The problem with STARTTLS is that the encryption is "opportunistic": if the receiving server does not advertise STARTTLS, or the handshake cannot be completed because the protocol is misconfigured, the sending mail server simply relays the message in cleartext. In the majority of cases the SMTP servers also do not validate the certificate they are presented with, so even a completed handshake proves nothing about who is on the other end.

An attacker on the network path can exploit this by intentionally downgrading STARTTLS to an unencrypted connection: either removing STARTTLS from the server's EHLO response or overwriting the client's STARTTLS command with a nonsensical string of the same length. The mail server rejects the unknown command with an error, the opportunistic client concludes that TLS is unavailable and continues in cleartext, and the email goes through unencrypted. Without the encryption the attacker can read, and even modify, every message on that connection.
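The negotiation described in the two paragraphs above, and both places an attacker can tamper with it, as an added example that is not part of the original article: the SMTP server, the sending client and the man-in-the-middle are modelled in-process as functions over text lines (no sockets, and the TLS handshake is represented by a flag), so the same client logic can be run over an honest channel, over a channel where the STARTTLS capability is hidden, and over one where the STARTTLS command is overwritten. Hostnames and addresses are made up; the `require_tls` switch is the fail-closed behaviour an opportunistic client lacks.

```python
"""Added example (not from the original article): an in-process model of the
SMTP STARTTLS negotiation with an optional STRIPTLS man-in-the-middle.
Server, client and attacker are plain functions over text lines, so this runs
offline; the TLS handshake is represented by a flag. Names are made up."""

from typing import Callable, Dict, List, Optional

Filter = Callable[[str], str]   # what the attacker does to one line in one direction


def passthrough(line: str) -> str:
    """No tampering: the line reaches the other side unchanged."""
    return line


class SmtpServer:
    """Minimal SMTP responder that advertises STARTTLS in its EHLO reply (RFC 3207)."""

    def __init__(self, name: str = "mx.example.net", supports_starttls: bool = True) -> None:
        self.name = name
        self.supports_starttls = supports_starttls
        self.tls_active = False

    def handle(self, line: str) -> List[str]:
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "EHLO":
            reply = [f"250-{self.name} Hello {arg}", "250-SIZE 35882577"]
            if self.supports_starttls and not self.tls_active:
                reply.append("250-STARTTLS")          # the capability the attacker wants to hide
            reply.append("250 8BITMIME")
            return reply
        if verb == "STARTTLS":
            if self.supports_starttls and not self.tls_active:
                self.tls_active = True                # stands in for the TLS handshake
                return ["220 2.0.0 Ready to start TLS"]
            return ["454 4.7.0 TLS not available due to temporary reason"]
        if verb in ("MAIL", "RCPT"):
            return ["250 2.1.0 OK"]
        if verb == "DATA":
            return ["354 End data with <CR><LF>.<CR><LF>"]
        if verb == ".":
            return ["250 2.0.0 Queued"]
        if verb == "QUIT":
            return ["221 2.0.0 Bye"]
        # Unknown verb, e.g. the attacker's overwritten STARTTLS command.
        return [f"500 5.5.1 Command unrecognized: {line}"]


def strip_capability(line: str) -> str:
    """Server->client rewrite: hide STARTTLS from the EHLO reply. Same-length filler
    keeps TCP sequence numbers unchanged, which is how in-line tampering avoids
    breaking the stream."""
    return "250-XXXXXXXX" if line.upper() == "250-STARTTLS" else line


def mangle_command(line: str) -> str:
    """Client->server rewrite: turn the STARTTLS command into an unknown verb so the
    server answers 500 and an opportunistic client carries on in the clear."""
    return "XXXXXXXX" if line.upper() == "STARTTLS" else line


def smtp_session(require_tls: bool, c2s: Filter = passthrough, s2c: Filter = passthrough,
                 server: Optional[SmtpServer] = None) -> Dict[str, object]:
    """Run one submission through a channel the attacker may tamper with.
    require_tls=False is the opportunistic behaviour the article describes;
    require_tls=True fails closed when TLS cannot be negotiated."""
    server = server or SmtpServer()
    transcript: List[str] = []

    def send(line: str) -> List[str]:
        on_wire = c2s(line)                           # what the server actually receives
        transcript.append(f"C: {line}" + ("" if on_wire == line else f"   (server sees: {on_wire})"))
        replies = [s2c(r) for r in server.handle(on_wire)]   # what the client actually sees
        transcript.extend(f"S: {r}" for r in replies)
        return replies

    replies = send("EHLO client.example.org")
    offered = any(r.upper() in ("250-STARTTLS", "250 STARTTLS") for r in replies)
    tls = False
    if offered and send("STARTTLS")[0].startswith("220"):
        tls = True
        send("EHLO client.example.org")               # RFC 3207: EHLO again after the handshake

    if not tls and require_tls:
        send("QUIT")
        return {"tls": False, "sent": False, "transcript": transcript}

    send("MAIL FROM:<alice@example.org>")
    send("RCPT TO:<bob@example.net>")
    send("DATA")
    send(".")                                         # message body elided; "." ends DATA
    send("QUIT")
    return {"tls": tls, "sent": True, "transcript": transcript}


def run_scenarios() -> Dict[str, Dict[str, object]]:
    """The same client logic under an honest channel and both tampering points."""
    return {
        "honest/opportunistic": smtp_session(require_tls=False),
        "strip-capability/opportunistic": smtp_session(require_tls=False, s2c=strip_capability),
        "mangle-command/opportunistic": smtp_session(require_tls=False, c2s=mangle_command),
        "strip-capability/require-tls": smtp_session(require_tls=True, s2c=strip_capability),
        "mangle-command/require-tls": smtp_session(require_tls=True, c2s=mangle_command),
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"== {name}: tls={result['tls']} sent={result['sent']}")
        for entry in result["transcript"]:
            print("   " + entry)
```

Running it prints the five transcripts: on the honest channel the client upgrades and sends; under either rewrite the opportunistic client never sees a usable STARTTLS and still sends, which is the downgrade; the fail-closed client quits without sending. Note that `require_tls` alone only defends against the downgrade, not against an impostor, since nothing in this model checks the certificate.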

An example of this type of attack was observed against Google and Yahoo servers in Thailand, where attackers performed a STRIPTLS attack and were able to compromise users' login credentials.

The Takeaway

When SMTP extensions such as STARTTLS are supported and configured properly, they provide privacy for email in transit. But opportunistic encryption, misconfigured SMTP servers, and servers that do not support the extensions at all give attackers the leverage they need to compromise your email privacy.
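What "configured properly" means on the sending side, as an added example that is not from the original article: the weak pattern below is the opportunistic client that falls back to cleartext when STARTTLS is missing and, in CPython's `smtplib`, calls `starttls()` with no context, which uses an unverified TLS context (no chain or hostname check). The hardened version refuses to send without STARTTLS and verifies the server certificate against the system trust store. The host, credentials and addresses are placeholders; nothing connects anywhere unless the functions are called.

```python
"""Added example (not from the original article): an opportunistic SMTP
submission beside a fail-closed one. Host, credentials and addresses are
placeholders."""

import smtplib
import ssl
from email.message import EmailMessage


def weak_send(host: str, msg: EmailMessage) -> None:
    """Opportunistic pattern: upgrade if offered, otherwise carry on in cleartext.
    A stripped STARTTLS capability silently downgrades the session, and
    starttls() without a context does not verify the server certificate in
    CPython, so a man-in-the-middle can present any certificate at all."""
    with smtplib.SMTP(host, 587) as s:
        s.ehlo()
        try:
            s.starttls()
        except smtplib.SMTPNotSupportedError:
            pass  # fall back to plaintext: this is the STRIPTLS window
        s.send_message(msg)


def tls_context() -> ssl.SSLContext:
    """Verify the chain against the system trust store and check the hostname.
    create_default_context() already sets both; they are set again here so the
    policy is visible in the code."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def strict_send(host: str, msg: EmailMessage, user: str, password: str) -> str:
    """Fail-closed pattern: no STARTTLS, or a failed handshake, means no mail leaves.
    Returns the negotiated TLS version so the caller can log it."""
    with smtplib.SMTP(host, 587) as s:
        s.ehlo()
        if not s.has_extn("starttls"):
            # starttls() would raise SMTPNotSupportedError too; this gives a clearer error.
            raise RuntimeError(f"{host} did not offer STARTTLS; refusing to send in the clear")
        s.starttls(context=tls_context())   # raises ssl.SSLError on a bad certificate
        s.ehlo()                             # RFC 3207: capabilities may differ after TLS
        s.login(user, password)              # credentials only ever travel inside TLS
        s.send_message(msg)
        return s.sock.version()


if __name__ == "__main__":
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "alice@example.org", "bob@example.net", "test"
    m.set_content("hello")
    # Placeholder submission host and credentials; replace before running.
    print(strict_send("smtp.example.org", m, "alice", "s3cret"))
```

The same two rules apply to a relaying MTA: require TLS for destinations you know support it, and verify the certificate, otherwise the STRIPTLS attack above and a plain impostor both succeed.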

End-to-end encryption using S/MIME email encryption certificates (such as DigiCert Premium and Email Security Plus Client Certificates) is the only way to ensure that an email stays private and can be read only by the intended recipient. STARTTLS encrypts the channel the email passes through, one hop at a time; an S/MIME certificate encrypts the message itself before it is sent, so an email intercepted on a downgraded connection is still unreadable. (Message headers such as the sender, recipient, and subject are not encrypted by S/MIME, so transport encryption still matters for those.)