- Google, Yahoo, Comcast, Microsoft, LinkedIn, and 1&1 Mail & Media Development and Technology are working together on a proposal that would help improve email security, according to a ZDNet report Monday.
- Web giants like Amazon, Facebook, Google, Microsoft, Yahoo and others support STARTTLS, an extension that upgrades plain text to encrypted connections on the Simple Mail Transfer Protocol (SMTP).
- But the system "favors falling open," which exposes STARTTLS to attacks that downgrade encrypted connections to insecure ones.
The companies’ proposal, in an effort to ensure secure communication, would encourage a change so that the STARTTLS system would stop delivering a message if it could not be securely delivered.
The design was originally meant to encourage email providers employ STARTTLS, but research found that attackers can force a downgrade to non-encrypted channels, further compromising email security.
The proposal was submitted by the companies on Friday and expires in September.
Last week, Google said it is working on a project that focuses on encryption in email. The project, called End to End, would make it easier to send encrypted emails. Until recently, Google had made little progress with the project since it was launched in 2014.