June 3, 2014 | By Peter Eckersley

New Gmail Data Shows the Rise of Backbone Email Encryption

For the past few years, EFF has been working on promoting the universal use of encryption for Internet protocols. We started by pushing major sites to switch from HTTP to HTTPS, and gave individual users ways to pull things along.

Last November, we launched our Encrypt the Web Scorecard, which in addition to Web encryption, added a second focus on securing SMTP email transmissions between mailservers. We believe this is a vital protection against non-targeted dragnet surveillance by the US and other governments. In the months after we started rating their support for STARTTLS email encryption, a number of major sites including Yahoo!, Twitter, LinkedIn and Facebook deployed this form of backbone email encryption. Microsoft's deployments is in progress. We believe that most or all of these companies made these changes in response to EFF's Encrypt the Web report.

Encryption between Gmail and other mailserversSMTPS coverage at Gmail since December 2013

Today, Google, which led the email ecosystem with early adoption of STARTTLS and HTTPS, has published its own datasets on the amount of email that is encrypted in transit between Gmail and other email providers. This data shows that (averaging Google's inbound and outbound numbers) backbone encryption has risen from 33% to 58% since December last year.1 A Facebook snapshot from two weeks ago shows a similar story. But there is also more work to do. More mail operators need to implement STARTTLS, and some of those that already support STARTTLS need to upgrade their servers to support modern ciphers and forward secrecy.

If your organization runs a mail server, make sure STARTTLS is enabled and check that it is configured correctly today.

  • 1. If you'd like to calculate inbound encryption percentages for your own email domain, we have a rough draft script for doing this based on the headers in your historical email archives. It still a work in progress, so pull requests are welcome!

Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

You can support EFF and get DRM-free ebooks about hacking in the Humble Book Bundle featuring @nostarch! https://www.humblebundle.com/...

May 3 @ 3:30pm

Tell your senators to stand up for consumers’ rights and fight forced arbitration. https://www.eff.org/deeplinks...

May 3 @ 2:49pm

The problems with DRM go so much deeper than limiting what you can do with your movies and music. https://www.eff.org/deeplinks... #DayAgainstDRM

May 3 @ 2:38pm
JavaScript license information