Use TLS with SMTP to Secure Your Email

Many of us Microsoft Exchange Server administrators have learned to ignore a simple fact: Most email is easily read in transit. You've no doubt heardthe chestnut that sending SMTP email is equivalent to sending a postcard; anyone who can access the postcard can read its contents (thus leading tofascinating historical artifacts such as the stamp code for concealing amorous messagesin plain sight).

How did this insecure transport method come about? The engineers who originally designed SMTP were working from a very different set of assumptionsabout how email would be used, who would use it, and how the Internet would be operated and maintained.

Related: Securing SMTP Email Traffic

Various proposals have been offered to update the security of SMTP traffic by changing, extending, or even replacing basic SMTP to provideauthentication, nonrepudiation, and confidentiality. However, SMTP deployment worldwide has reached critical mass; it's very unlikely that the protocolitself will be superseded by something more secure. In order to preserve confidentiality and nonrepudiation, then, we need to focus on methods thatwork within the confines of existing SMTP deployments.

One solution is to encrypt mail on the client so that it's protected before it's ever seen by an SMTP server. That's exactly what S/MIME does. However,S/MIME deployment can be complex. In exchange for its complexity, it gives us end-to-end protection that can include sender authentication,confidentiality, and nonrepudiation. For many sites, though, S/MIME is overkill; it would be great if there were a way to easily enable encryption formessage transport only. This level of protection would be enough to prevent eavesdroppers, even those with access to a target network, from readingmessages in transit between servers.

As it happens, there is a way to provide exactly this protection. Exchange Server and many other email servers support the use of Transport LayerSecurity (TLS) encryption along with SMTP. Just as you can use SSL (a close relative of TLS) to protect an HTTP session, you can use TLS with SMTP toprovide both confidentiality and authentication for email traffic.

When you configure a server to both offer and accept, but not require, TLS for SMTP, it's known as opportunistic TLS. Exchange 2003 didn't supportopportunistic TLS, but Exchange 2007, Exchange 2010, and Microsoft Office 365 all do. In fact, you can enable this protection even if you have only thedefault set of self-signed certificates, although you'll find that many servers won't accept them. For that reason, it's a good idea to obtaincertificates from a commercial CA for use with SMTP.

See also:  Configuring SSL/TLS

The setup process for enabling TLS with SMTP is simple: Obtain a suitable certificate, then install it using the Exchange certificate wizard or theEnable-ExchangeCertificate cmdlet. As soon as you've done so, Exchange will start accepting TLS requests, as signaled by the presence of the STARTTLSSMTP verb, as well as sending STARTTLS itself when communicating with other TLS-capable servers.

Because this is such a simple change to make, and because it provides an immediate privacy benefit, I encourage you to do it sooner rather than later.There's no downside.