Security is paramount when it comes to sending and receiving emails. People exchange sensitive information over email, so preventing third parties from reading it while it crosses the network is necessary. The StartTLS command is a critical part of email security. This article will explain what it is, how it works, what it protects against, and where its limits are.
What Is StartTLS?
StartTLS is a protocol command that instructs a server to upgrade an existing plaintext connection to one protected by the Transport Layer Security (TLS) protocol, hence the name “Start TLS.” The command is defined for several text-based application protocols, including SMTP (RFC 3207), IMAP and POP3 (RFC 2595), LDAP and XMPP. In each case the connection begins unencrypted on the protocol’s normal port and is upgraded in place, rather than being opened on a separate TLS-only port.
What Is TLS?
Transport Layer Security is a cryptographic protocol that provides confidentiality, integrity and server authentication for traffic over a network. An eavesdropper can still capture the packets, but cannot read their contents or alter them without being detected.
TLS 1.0 was published in 1999 (RFC 2246) as the successor to Netscape’s Secure Sockets Layer (SSL) protocol and fixed weaknesses in SSL 3.0; later versions (TLS 1.2 and 1.3) fixed further ones. SSL 3.0 has been formally deprecated since 2015 (RFC 7568), and TLS 1.0 and 1.1 since 2021 (RFC 8996). Nowadays, many people still use the two terms interchangeably. Whenever you hear someone talk about an “SSL certificate,” they are almost certainly referring to an X.509 certificate used with TLS, since SSL itself is no longer in use.
How Does TLS Work?
A TLS session begins with a handshake. The server presents an X.509 certificate, which the client verifies against its trust store and against the hostname it intended to reach; this is what stops an impostor server from simply offering a key of its own. The two sides then use asymmetric cryptography (today normally an ephemeral Diffie-Hellman exchange) to agree on shared session keys, and all subsequent application data is encrypted and integrity-protected with a symmetric cipher under those keys. A third party capturing the traffic sees only ciphertext it has no key for, and any attempt to modify it in transit is detected by the recipient.
How Does StartTLS Secure Emails?
The first step happens before any mail is transferred: the client and the server it has been configured to use exchange a greeting, much as two people shake hands before starting a conversation, and agree on how the rest of the conversation will be conducted.
When you hit send, your mail client opens a TCP connection to your provider’s submission server and speaks the Simple Mail Transfer Protocol (SMTP). The server answers with a 220 greeting, the client introduces itself with EHLO, and the server replies with a list of the extensions it supports. If that list includes the line 250-STARTTLS, the server is offering to upgrade the connection to TLS. The same exchange is repeated later between your provider’s server and the recipient’s server when the message is relayed.
A connection to a mail server on its standard port starts out in plaintext, so anything sent before encryption is negotiated can be read by anyone positioned on the network path. The client therefore tries to establish a secure connection using one of two approaches:
- Explicit: The client opens a plaintext connection (port 587 for mail submission, port 25 between servers), sends the StartTLS command, and if the server answers with a 220 reply the two sides run the TLS handshake on the same connection and then begin the SMTP dialogue again with a fresh EHLO. If the server does not advertise STARTTLS, or rejects the command, the session simply continues in plaintext unless the client has been configured to refuse that.
- Implicit: The client connects to a TLS-only port (465 for SMTP submission, 993 for IMAP, 995 for POP3) and runs the TLS handshake before any protocol command is sent. If the handshake fails, the connection is closed; there is no plaintext mode to fall back to.
The practical difference is what happens when TLS is unavailable. With explicit StartTLS the default behaviour is opportunistic: the message goes out in plaintext rather than not at all. This also means an attacker on the path can force a downgrade by removing the 250-STARTTLS line from the server’s capability list, or by answering the StartTLS command with an error, and a client that merely prefers TLS will proceed unencrypted without anyone noticing. With implicit TLS, a connection that cannot be encrypted is terminated.
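The exchange described above, and the downgrade problem that the opportunistic fallback creates, as an added example that is not part of the original article. It plays the client side of the explicit (StartTLS) path against a constructed in-memory server: EHLO, check the capability list for STARTTLS, send STARTTLS, then EHLO again inside the tunnel. A require_tls switch contrasts the fallback behaviour described in the list with a client that refuses to continue in cleartext. The server name, the capability lists and the ScriptedServer class are assumptions made for the demonstration; the real TLS handshake is noted in a comment rather than performed, since no certificate is available offline.

```python
"""StartTLS negotiation on SMTP against a scripted in-memory server.
Example code added to this article, not from the original: the server
transcripts are constructed and ScriptedServer stands in for a real socket."""

CLIENT_NAME = "client.example.net"  # assumed EHLO identity of our client


class SMTPError(Exception):
    pass


def parse_ehlo(lines):
    """Parse the multi-line 250 reply to EHLO into (domain, {EXT: params}).
    Continuation lines look like '250-STARTTLS'; the final one uses '250 '."""
    if not lines or lines[0][:3] != "250":
        raise SMTPError("EHLO rejected: %r" % lines[:1])
    domain = lines[0][4:].split()[0]
    exts = {}
    for line in lines[1:]:
        if line[:3] != "250":
            raise SMTPError("malformed EHLO reply line: %r" % line)
        name, _, params = line[4:].partition(" ")
        exts[name.upper()] = params
    return domain, exts


class ScriptedServer:
    """Constructed stand-in for a remote MTA; no network is involved."""
    def __init__(self, ehlo_plain, ehlo_tls,
                 starttls_reply="220 2.0.0 Ready to start TLS"):
        self.ehlo_plain = ehlo_plain      # EHLO reply on the cleartext leg
        self.ehlo_tls = ehlo_tls          # EHLO reply inside the TLS tunnel
        self.starttls_reply = starttls_reply
        self.encrypted = False
        self.transcript = []              # (who, text, was_encrypted)

    def greeting(self):
        return "220 mail.example.org ESMTP"

    def send(self, cmd):
        self.transcript.append(("C", cmd, self.encrypted))
        verb = cmd.split()[0].upper()
        if verb == "EHLO":
            reply = self.ehlo_tls if self.encrypted else self.ehlo_plain
        elif verb == "STARTTLS" and not self.encrypted:
            reply = [self.starttls_reply]
        else:
            reply = ["503 5.5.1 Bad sequence of commands"]
        self.transcript.append(("S", reply, self.encrypted))
        return reply

    def upgrade(self):
        # A real client now runs the TLS handshake on the same TCP socket:
        #   ssl.create_default_context().wrap_socket(sock, server_hostname=host)
        self.encrypted = True


def negotiate(server, require_tls):
    """Return ("tls", exts) after an upgrade, or ("plain", exts) when the session
    stays in cleartext. With require_tls=True, raise rather than fall back."""
    banner = server.greeting()
    if not banner.startswith("220"):
        raise SMTPError("bad greeting: %r" % banner)
    _, exts = parse_ehlo(server.send("EHLO " + CLIENT_NAME))
    if "STARTTLS" not in exts:
        # Either the server has no TLS or an on-path attacker deleted the
        # capability line; the client cannot tell which from here.
        if require_tls:
            raise SMTPError("STARTTLS not advertised; refusing cleartext")
        return "plain", exts
    reply = server.send("STARTTLS")
    if not reply[0].startswith("220"):
        if require_tls:
            raise SMTPError("STARTTLS refused: %r" % reply[0])
        return "plain", exts
    server.upgrade()
    # RFC 3207: protocol state resets after the handshake. EHLO again and
    # trust only this capability list, not the one received in cleartext.
    _, exts = parse_ehlo(server.send("EHLO " + CLIENT_NAME))
    return "tls", exts


# Constructed capability lists. AUTH is offered only inside TLS, as real
# servers commonly do, so credentials are never solicited in cleartext.
EHLO_PLAIN = ["250-mail.example.org Hello client.example.net",
              "250-SIZE 35882577", "250-STARTTLS", "250 ENHANCEDSTATUSCODES"]
EHLO_TLS = ["250-mail.example.org Hello client.example.net",
            "250-SIZE 35882577", "250-AUTH PLAIN LOGIN", "250 ENHANCEDSTATUSCODES"]


def honest_server():
    return ScriptedServer(EHLO_PLAIN, EHLO_TLS)


def stripped_server():
    """What the client sees when a man-in-the-middle deletes '250-STARTTLS'
    from the EHLO reply; indistinguishable from a server with no TLS at all."""
    return ScriptedServer([l for l in EHLO_PLAIN if l != "250-STARTTLS"], EHLO_TLS)
```

Against honest_server() the negotiation returns "tls" and the post-upgrade capability list (with AUTH, without STARTTLS); against stripped_server() it returns "plain" with require_tls=False and raises SMTPError with require_tls=True, which is the only behaviour that defeats the stripping attack. With Python’s standard library the real-network equivalent of the explicit path is smtplib.SMTP(host, 587) followed by .starttls(context=ssl.create_default_context()), and of the implicit path smtplib.SMTP_SSL(host, 465); smtplib’s starttls() raises if the server did not advertise the extension rather than silently continuing in cleartext.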
Advantages of StartTLS
The main advantage of StartTLS is that it upgrades the existing ports and protocols in place: a server that gains TLS support can start advertising it without changing ports, and mail is encrypted on each hop whenever both sides support it, while still interoperating with the minority of servers that do not. That same fallback is also its main weakness, since an attacker who can tamper with the connection can suppress the upgrade. Mail operators therefore pair StartTLS with mechanisms that let a sender insist on TLS for a given destination domain, such as MTA-STS (RFC 8461) and DANE for SMTP (RFC 7672), and mail clients should be configured to require encryption rather than merely prefer it. Note also that StartTLS protects the connection between client and server, or between two servers, one hop at a time; it is not end-to-end encryption, and the message is readable on every server that relays it.
Conclusion
We have answered the question “What is StartTLS?”: a command that upgrades a plaintext SMTP or IMAP connection to TLS in place, protecting mail in transit hop by hop whenever both ends support it. Its benefit is broad compatibility; its cost is an opportunistic fallback that must be disabled, or backed by a policy such as MTA-STS or DANE, before the encryption can be relied upon.