opportunistic email encryption by the MTA (not MUA)

Rich Kulawiec rsk at gsp.org
Sat Jan 16 08:38:40 UTC 2021


While I agree pretty much entirely with everything you've expressed,
there is another force in the world quietly chugging away to make
sure that email privacy remains largely hypothetical...and that is:
cloud computing.

A lot of people have outsourced their mail service to cloud operations,
so even if the mail servers on both ends do everything "right", which
(to your point) might include a refusal to transmit messages unless an
over-the-wire encryption method is agreed on, messages thus sent are
available in plaintext on both sides of the transmission and thus can
be inspected/collected/etc. at will by the operators of the cloud [1].
Or by anyone who's penetrated the cloud.

Note that while use of PGP/similar to encrypt the message itself helps
with this, that doesn't stop traffic analysis on either side of the
transmission.

---rsk

[1] Which includes the people working there and working for them,
as well as the people working there and not working for them.

