Building Enhanced Messaging Security Into SMTP
The primary protocol for transmitting email, SMTP (Simple Mail Transfer Protocol), was designed to provide an open framework for sending messages between different Internet domains. Encryption of the transmission and of the content of those messages wasn’t part of the consideration in the small, trusted academic environment from which early messaging protocols emerged. Needless to say, the world has changed, and we’re working with our industry peers to make sure email security and privacy evolves to keep pace with the myriad threats customers face today and in the future.
As messaging evolved and expanded beyond the universities where it was invented, it became obvious that security wasn’t just desirable, but necessary for all messaging, including email. The most widely used tool for providing that protection today is a technology called opportunistic TLS (Transport Layer Security), which we use to encrypt message transfer sessions from one email domain to another (e.g. from comcast.net to gmail.com).
TLS is a good technology that provides important protections to Internet users, but it comes with widely understood limitations. Opportunistic TLS encrypts the session and so adds a layer of protection, but it does not authenticate the receiving server, so it does not by itself safeguard users against so-called Man-in-the-Middle attacks, in which someone impersonates the intended destination.
As a result, ISPs and other mailbox providers are now taking the next step to lead the way toward stronger security. To do so, we are working on two proposed methods of increasing transport security: DANE and SMTP STS.
DANE (DNS-based Authentication of Named Entities) allows a sender to validate the certificate presented by the receiving system using the DNSSEC (DNS Security Extensions) trust model. The receiving domain publishes a representation of its certificate in a DNS record, and that record is signed with DNSSEC. When the sender attempts to deliver to the receiving system, it requests that signed DNS record via DNSSEC and checks the certificate the SMTP server presents against it. Comcast successfully implemented DNSSEC in 2012, becoming the first major ISP in the U.S. to do so, and we continue to urge major domain owners and ISPs to do the same. More recently, Comcast’s Xfinity Connect email platform has deployed a DANE TLSA record for inbound traffic, with outbound DANE expected later this year. As more email providers and domain owners adopt DNSSEC and DANE, the security for end users becomes that much stronger.
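As an added illustration (not Comcast's code) of the validation step described above, this Python sketch applies a DNSSEC-validated TLSA record to the certificate chain a receiving SMTP server presents and decides whether delivery may proceed; the certificate bytes are constructed placeholders, and the DNSSEC status ('secure', 'insecure' or 'bogus') is assumed to come from a validating resolver.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class TLSARecord:
    usage: int     # 0-3; RFC 7672: only 2 (DANE-TA) and 3 (DANE-EE) are usable for SMTP
    selector: int  # 0 = full certificate, 1 = SubjectPublicKeyInfo
    matching: int  # 0 = exact copy, 1 = SHA-256, 2 = SHA-512
    data: bytes    # certificate association data

def parse_tlsa(rdata: str) -> TLSARecord:
    """Parse TLSA presentation-format RDATA such as '3 1 1 <hex digest>'."""
    usage, selector, matching, hexdata = rdata.split(None, 3)
    return TLSARecord(int(usage), int(selector), int(matching),
                      bytes.fromhex(hexdata.replace(" ", "")))

def association_data(rec: TLSARecord, cert_der: bytes, spki_der: bytes) -> bytes:
    """What the record's data field must equal for this certificate to match."""
    selected = cert_der if rec.selector == 0 else spki_der
    digest = {0: lambda b: b, 1: lambda b: hashlib.sha256(b).digest(),
              2: lambda b: hashlib.sha512(b).digest()}[rec.matching]
    return digest(selected)

def dane_decision(dnssec_status: str, records: list, chain: list) -> str:
    """Decide how to treat the SMTP connection.
    dnssec_status: 'secure', 'insecure' or 'bogus', as a validating resolver reports it.
    chain: presented certificates, end entity first, as (cert_der, spki_der) pairs.
    Returns 'deliver', 'opportunistic', 'tls_unauthenticated' or 'defer'."""
    if dnssec_status == "bogus":
        return "defer"            # broken or forged DNSSEC: never fall back silently
    if dnssec_status != "secure" or not records:
        return "opportunistic"    # no signed TLSA RRset: today's behaviour
    usable = [r for r in records
              if r.usage in (2, 3) and r.selector in (0, 1) and r.matching in (0, 1, 2)]
    if not usable:
        return "tls_unauthenticated"  # a signed RRset exists, so cleartext is off the table
    for rec in usable:
        # DANE-EE (3) matches the server cert; DANE-TA (2) matches an issuer in the chain
        # (path validation up to that issuer is left to the TLS library here).
        for cert_der, spki_der in (chain[:1] if rec.usage == 3 else chain[1:]):
            if association_data(rec, cert_der, spki_der) == rec.data:
                return "deliver"
    return "defer"                # policy exists but nothing matched: possible impersonation

# Constructed sample data (not real DER) standing in for the receiving MTA's certificate.
EE_CERT, EE_SPKI = b"constructed-server-cert", b"constructed-server-spki"
ATTACKER_CHAIN = [(b"constructed-mitm-cert", b"constructed-mitm-spki")]
TLSA_3_1_1 = parse_tlsa("3 1 1 " + hashlib.sha256(EE_SPKI).hexdigest())

if __name__ == "__main__":
    print(dane_decision("secure", [TLSA_3_1_1], [(EE_CERT, EE_SPKI)]))  # deliver
    print(dane_decision("secure", [TLSA_3_1_1], ATTACKER_CHAIN))        # defer
    print(dane_decision("insecure", [], [(EE_CERT, EE_SPKI)]))          # opportunistic
```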
SMTP STS (Strict Transport Security) relies on the CA (Certificate Authority) trust model and validates presented certificates via the WebPKI. This is a newly proposed mechanism and may still undergo a number of changes, though the core validation mechanism should stay the same. A receiving system can publish a policy stating whether it supports TLS, that the sender should validate its certificate via the WebPKI, and where to send TLS failure reports. The WebPKI is the same trust model that web browsers use today to secure interactions with websites such as shopping, finance, and other transactions intended to be private.
STS was a collaborative effort born out of the desire to increase the security used to deliver email, even for domains that have not adopted DNSSEC. To reach a consensus on what would work for many messaging operators, Comcast worked with representatives from other industry leaders to develop the mechanism. The work has been shepherded by the Pervasive Monitoring SIG, a sub-committee within the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), whose goal is to encourage stronger security and educate others about how to combat eavesdropping on private data. Various participating entities have already begun to deploy portions of the specification meant for testing and validation between the messaging operators. This is a great example of companies coming together to provide more security around messaging, and we hope to be a part of similar endeavors in the future. The eventual goal of this work is to create a full protocol standard within the Internet Engineering Task Force (IETF) that can be implemented by anyone wanting to transmit email more securely.
Beyond the work on and advocacy of technologies such as DNSSEC, DANE, and STS, Comcast continues to work within the industry to find solutions for each segment of a typical email transaction, with the ultimate goal of trusted, end-to-end encrypted communication no matter which domains or devices are involved.