June 3, 2014 | By Peter Eckersley

New Gmail Data Shows the Rise of Backbone Email Encryption

For the past few years, EFF has been working on promoting the universal use of encryption for Internet protocols. We started by pushing major sites to switch from HTTP to HTTPS, and gave individual users ways to pull things along.

Last November, we launched our Encrypt the Web Scorecard, which in addition to Web encryption, added a second focus on securing SMTP email transmissions between mailservers. We believe this is a vital protection against non-targeted dragnet surveillance by the US and other governments. In the months after we started rating their support for STARTTLS email encryption, a number of major sites including Yahoo!, Twitter, LinkedIn and Facebook deployed this form of backbone email encryption. Microsoft's deployments is in progress. We believe that most or all of these companies made these changes in response to EFF's Encrypt the Web report.

Encryption between Gmail and other mailserversSMTPS coverage at Gmail since December 2013

Today, Google, which led the email ecosystem with early adoption of STARTTLS and HTTPS, has published its own datasets on the amount of email that is encrypted in transit between Gmail and other email providers. This data shows that (averaging Google's inbound and outbound numbers) backbone encryption has risen from 33% to 58% since December last year.1 A Facebook snapshot from two weeks ago shows a similar story. But there is also more work to do. More mail operators need to implement STARTTLS, and some of those that already support STARTTLS need to upgrade their servers to support modern ciphers and forward secrecy.

If your organization runs a mail server, make sure STARTTLS is enabled and check that it is configured correctly today.

  • 1. If you'd like to calculate inbound encryption percentages for your own email domain, we have a rough draft script for doing this based on the headers in your historical email archives. It still a work in progress, so pull requests are welcome!

Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

Jail email service @JPay_com's ToS says it owns intellectual property rights over inmate-family correspondence https://eff.org/r.stln

May 5 @ 6:11pm

The Senate has unveiled the PATENT Act—an anti-troll bill. Here's what we like and what we want to see improved: https://eff.org/r.1tdw

May 5 @ 1:10pm

With "automated speech recognition, the NSA has entered the era of bulk listening," reports @the_intercept. https://eff.org/r.1o6b

May 5 @ 12:05pm
JavaScript license information