
Summary:

Facebook recently conducted a short study to see whether or not mail providers are actively using STARTTLS to deliver messages via an encrypted connection. The company urges email providers to support the capability.

If you are ambivalent about using STARTTLS — an extension that’s used to upgrade an insecure network connection between mail providers to an encrypted one — for your email encryption purposes, Facebook thinks you should give it a shot, as detailed in a Facebook blog post Tuesday.

The post by Facebook mail integrity engineer Michael Adkins details how Adkins conducted a short study to see whether or not mail providers are actively using STARTTLS. Adkins and Facebook were under the impression that the capability was not widely deployed throughout the industry.

To conduct the study, Adkins and his team analyzed a day’s worth of the company’s notification email logs, which contained data pertaining to “several billion emails to several million domains.” The majority of that data dealt with account-related notifications, like registration confirmations.

The Facebook team kept tabs on each SMTP server (SMTP is the internet standard for sending emails) that claimed it could handle the STARTTLS extension, and found that 60 percent of the emails that Facebook sent to these servers were delivered via an encrypted connection. Adkins wrote that this “is an encouragingly high percentage.”

The posting also goes into detail about how mismatched certificates, as in the case where a security certificate does not match the hostname, led to the delivery of unencrypted emails, even though the server that received those emails advertised STARTTLS compatibility.
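The outcome split described above can be reproduced over delivery records, shown here as an added example that is not code from Facebook's post. The record fields, host names and message counts are constructed, and the model assumes a sender that falls back to plaintext when the certificate does not match the MX hostname.

```python
from collections import Counter

def cert_matches(san_dns_names, mx_host):
    """True if a certificate DNS name covers mx_host: exact match, or a
    wildcard standing in for exactly one left-most label."""
    host = mx_host.lower().rstrip(".")
    for name in (n.lower().rstrip(".") for n in san_dns_names):
        if name == host:
            return True
        if name.startswith("*."):
            parent = host.partition(".")[2]
            if parent and parent == name[2:]:
                return True
    return False

def classify(record):
    """Map one delivery record to the outcome the article describes."""
    if not record["advertises_starttls"]:
        return "plaintext_no_starttls"
    if not cert_matches(record["cert_dns_names"], record["mx_host"]):
        # STARTTLS was advertised, but the certificate names do not cover
        # the MX hostname, so the message goes out unencrypted (assumption).
        return "plaintext_cert_mismatch"
    return "encrypted"

def summarize(records):
    """Weight each outcome by message count and return percentages."""
    totals = Counter()
    for r in records:
        totals[classify(r)] += r["messages"]
    sent = sum(totals.values())
    return {k: round(100 * v / sent, 1) for k, v in totals.items()}

# Constructed sample records (hypothetical hosts, not data from the study).
SAMPLE = [
    {"mx_host": "mx1.mail.example", "advertises_starttls": True,
     "cert_dns_names": ["mx1.mail.example"], "messages": 400},
    {"mx_host": "mx.tenant.example", "advertises_starttls": True,
     "cert_dns_names": ["*.hosting.example"], "messages": 200},
    {"mx_host": "in.corp.example", "advertises_starttls": True,
     "cert_dns_names": ["*.corp.example"], "messages": 100},
    {"mx_host": "a.b.wild.example", "advertises_starttls": True,
     "cert_dns_names": ["*.wild.example"], "messages": 50},
    {"mx_host": "legacy.example", "advertises_starttls": False,
     "cert_dns_names": [], "messages": 250},
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The second and fourth records are the mismatch cases: a hosting provider's certificate presented for a tenant's MX name, and a wildcard that does not span two labels.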

From the study’s results, Adkins concluded that the industry needs to come up with better ways to handle mismatched certificates and he urged everyone to use STARTTLS for encryption purposes.

Adkins’ sentiments echo comments made by Twitter’s Josh Aberant in a March posting on Twitter’s engineering blog that mentions how the company started using STARTTLS in January. In the blog, Aberant praised Gmail and AOL Mail for supporting the capability and urged other email providers to prioritize it if they haven’t already done so.

  1. Haha if they suggest what clothes people should wear people would do it too, what a joke

  2. How about Facebook take some interest in the credit card fraud that is active after many many years. Using Facebook Ireland as a front, I nearly got stung for $800. Was via PayPal (a Facebook company), is still going on according to the online thread I follow. Very dubious indeed……….thieves

    1. Facebook doesn’t own PayPal, never did, PayPal is owned by eBay
