These days, most email servers support transport route encryption with STARTTLS. This is a positive development: When a transport route is encrypted, nobody can readily read your emails on the transport route. At the beginning of 2013, before Edward Snowden’s disclosures, the encryption of transport routes was not yet particularly widespread.
With TLS, encryption is not “forced”, however – instead, it is newly-negotiated for each individual connection between the email servers involved. At any time, it is possible that for TLS-capable servers, no encryption occurs, due to a technical error or attacks. For precisely this reason there is no TLS status displayed at Posteo: Before a connection for sending is established, no serious statement can be made about whether an email to a recipient will actually be encrypted with TLS.
A TLS status display would either be based on experiences from the past, which do not allow any inferences about future connections, or it would check shortly before actually sending, whether TLS occurs, which can also quickly change due to a technical error or an attack. We are therefore convinced that a TLS status display is dubious, constituting a false sense of security.
If you would like to ensure that your emails are guaranteed only to be sent when an encrypted transport route actually occurs, you can activate our TLS-sending guarantee. The guarantee can be activated at the click of a button in the Settings of your account via My account under Transport route encryption.
If you activate the TLS-sending guarantee, we guarantee to only send your emails when a message can be transported with encryption. If secure sending over an encrypted connection is not possible, transfer of the email will not occur, and you will receive a notification from us. Therefore, if unauthorised third parties attack a secure connection wanting to force an unencrypted connection, we prevent sending.
Why does Posteo instead display the DANE status?
In the Posteo webmail interface, a small DANE symbol is displayed when the recipient’s server supports DANE.
We display this new security technology because with DANE, a serious assertion can be made before sending about whether the technology will be used. DANE has solved the problems with STARTTLS for email traffic. If email servers support DANE, the servers involved in the communication must encrypt between one another. If there are interruptions with TLS implementation or the communication is exposed to an attack, the email will not be sent.
In addition, before transferring emails, the servers undertake a check of their security certificates. This ensures that the other server is in fact the “actual target” of the communication – and not a man-in-the-middle who has set themselves up in between. With DANE, therefore, encrypted sending can safely be ensured in advance. This is why we are providing a DANE status display in the webmail interface.
In summary, the display means that your email is guaranteed to be sent with DANE over an encrypted transport route to the actual, legitimate recipient server.