Most Australian email servers offer encryption

A large survey of mail exchangers by Facebook shows that Australia scores highly when it comes to offering secure, encrypted transmission of messages.

The survey, conducted by Facebook's mail integrity engineer Michael Adkins, analysed the deployment of the SMTP STARTTLS transport layer security command that kicks off encrypted message transmission.

The survey found almost 10 percent of Aussie email servers required STARTTLS and just under 70 percent offer it optionally.

This places Australia on par with North American and European email senders, and far ahead of other countries in the Asia Pacific, although New Zealand was not included in Facebook's survey.

Use of STARTTLS in APAC. Source: Facebook

Emails are often used to transmit sensitive information, ranging from personal messages to password resets and two-factor authentication challenges, to verify users. 

If emails are not encrypted with the Transport Layer Security (TLS) / Secure Sockets Layer security protocol stack, email messages are sent in clear text across the internet, and anyone who can access the data stream can read them.

Adkins said Facebook encrypts emails by default via the STARTTLS command whenever it is available. While the technology has been around for more than fifteen years, Adkins said it was reputedly not widely deployed. 

Through his research, his team found that more than three-quarters of unique mail exchanger hosts that receive Facebook emails support STARTTLS and of these, 58 per cent are successfully encrypted.

This contradicts the perception that STARTTLS isn't widely deployed and indicates it has reached critical mass, Adkins noted.

Adkins admitted more work is required on the STARTTLS front since there are still problems with misconfigured or invalid digital certificates used to authenticate communications.

Facebook said it sends several billions of emails to millions of domains every day, mostly notification messages about activities on the social network.

Its analysis of email transmission log data may underrepresent government and corporate use of STARTTLS for that reason, Adkins said.