June 3, 2014 | By Peter Eckersley

New Gmail Data Shows the Rise of Backbone Email Encryption

For the past few years, EFF has been working on promoting the universal use of encryption for Internet protocols. We started by pushing major sites to switch from HTTP to HTTPS, and gave individual users ways to pull things along.

Last November, we launched our Encrypt the Web Scorecard, which in addition to Web encryption, added a second focus on securing SMTP email transmissions between mailservers. We believe this is a vital protection against non-targeted dragnet surveillance by the US and other governments. In the months after we started rating their support for STARTTLS email encryption, a number of major sites including Yahoo!, Twitter, LinkedIn and Facebook deployed this form of backbone email encryption. Microsoft's deployments is in progress. We believe that most or all of these companies made these changes in response to EFF's Encrypt the Web report.

Encryption between Gmail and other mailserversSMTPS coverage at Gmail since December 2013

Today, Google, which led the email ecosystem with early adoption of STARTTLS and HTTPS, has published its own datasets on the amount of email that is encrypted in transit between Gmail and other email providers. This data shows that (averaging Google's inbound and outbound numbers) backbone encryption has risen from 33% to 58% since December last year.1 A Facebook snapshot from two weeks ago shows a similar story. But there is also more work to do. More mail operators need to implement STARTTLS, and some of those that already support STARTTLS need to upgrade their servers to support modern ciphers and forward secrecy.

If your organization runs a mail server, make sure STARTTLS is enabled and check that it is configured correctly today.

  • 1. If you'd like to calculate inbound encryption percentages for your own email domain, we have a rough draft script for doing this based on the headers in your historical email archives. It still a work in progress, so pull requests are welcome!

Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

We're answering questions about cyber spying legislation on Reddit with @Accessnow, @fightfortheftr, and @ACLU now: https://eff.org/r.k5vj

Jul 29 @ 7:41am

In five minutes, join @EFF, @Access, @fightfortheftr, and @ACLU for a Reddit AMA on the "cybersecurity" bill CISA and privacy.

Jul 29 @ 6:56am

Happening now: TPP negotiators trading away our digital rights in the backrooms of a luxury hotel in Maui. https://eff.org/r.zr7c

Jul 28 @ 6:11pm
JavaScript license information