June 3, 2014 | By Peter Eckersley

New Gmail Data Shows the Rise of Backbone Email Encryption

For the past few years, EFF has been working on promoting the universal use of encryption for Internet protocols. We started by pushing major sites to switch from HTTP to HTTPS, and gave individual users ways to pull things along.

Last November, we launched our Encrypt the Web Scorecard, which in addition to Web encryption, added a second focus on securing SMTP email transmissions between mailservers. We believe this is a vital protection against non-targeted dragnet surveillance by the US and other governments. In the months after we started rating their support for STARTTLS email encryption, a number of major sites including Yahoo!, Twitter, LinkedIn and Facebook deployed this form of backbone email encryption. Microsoft's deployments is in progress. We believe that most or all of these companies made these changes in response to EFF's Encrypt the Web report.

Encryption between Gmail and other mailserversSMTPS coverage at Gmail since December 2013

Today, Google, which led the email ecosystem with early adoption of STARTTLS and HTTPS, has published its own datasets on the amount of email that is encrypted in transit between Gmail and other email providers. This data shows that (averaging Google's inbound and outbound numbers) backbone encryption has risen from 33% to 58% since December last year.1 A Facebook snapshot from two weeks ago shows a similar story. But there is also more work to do. More mail operators need to implement STARTTLS, and some of those that already support STARTTLS need to upgrade their servers to support modern ciphers and forward secrecy.

If your organization runs a mail server, make sure STARTTLS is enabled and check that it is configured correctly today.

  • 1. If you'd like to calculate inbound encryption percentages for your own email domain, we have a rough draft script for doing this based on the headers in your historical email archives. It still a work in progress, so pull requests are welcome!

Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

Illinois drone task force would have 22 members, mostly cops and industry reps, but not a single privacy advocate https://eff.org/r.6isf

Jun 29 @ 3:53pm

The Supreme Court's refusal to hear the API copyright case Oracle v. Google could be bad news for interoperability https://eff.org/r.68fa

Jun 29 @ 2:33pm

Do you want to fight for the user? EFF has a position open on our activism team: https://eff.org/r.6u3s

Jun 29 @ 1:56pm
JavaScript license information