Paper on TLS usage for all email protocols, IPv4-wide is online
Today we’ve published our paper on TLS use in e-mail protocols (SMTP, IMAP, POP..) on the Internet. Our paper and the corresponding dataset are now publicly available, you can find the paper here. Our dataset is published at scans.io.
Over the time of three months we conducted more than 10 billion TLS handshakes, and are thus the first in the field to draw a comprehensive picture across all email protocols in use today. We find that email submission and transmission are inherently less secure compared to HTTPS. The usage of depreciated ciphers and plaintext fallback mechanisms are non-trivial problems to solve since we as a society heavily depend on email. We also show in the paper that big players like Google, Microsoft and Yahoo can easily continue to lead the way by depreciating insecure transmission mechanisms.