Because the SMTP standard uses no encryption or authentication when sending e-mail, any message in transit can be read. Client-side solutions such as Secure MIME (S/MIME) or Pretty Good Privacy (PGP) can help protect mail, but they require the users themselves to take part in the procedure. The main area to focus on is protecting SMTP traffic. If we manage to secure SMTP, it becomes possible to secure e-mail traffic completely, whether that traffic originates on the server or terminates there.
Microsoft Exchange Server offers several ways to secure e-mail traffic. One of them is to require Secure Sockets Layer (SSL) for all available SMTP connections. This method, however, creates some problems. By default, all SMTP servers use port 25. If SSL is required on port 25, other servers that do not support SSL cannot connect to this server on port 25. And if a non-standard port number is used instead, other servers cannot discover it.
There is a way around this problem. The STARTTLS command (part of Extended SMTP, ESMTP) lets the client and the SMTP server agree to use Transport Layer Security (TLS) within a normal SMTP session. Either end of the connection can authenticate its partner, or the TLS connection can be used purely as a confidential channel. Either way, this approach has three important advantages.
No interference with other servers and clients. Clients that support STARTTLS can use it; those that cannot continue to exchange SMTP traffic unprotected.
Flexibility. If the client can use TLS with SMTP, the server automatically requests a TLS connection when it contacts other servers, and it answers requests for TLS connections. Suppose an external server starts the negotiation between the two parties; in that case the mail is protected automatically. However, I would advise administrators to require users to enable the SSL/TLS option in their e-mail client.
Protected headers. TLS encryption of SMTP also protects the message headers, which adds a layer of defence against traffic-analysis tools; without it an attacker could easily determine who corresponds with whom and how often.
One important caveat: TLS does not protect messages end to end over the whole path. In other words, the message is not protected while it is stored on the client workstation or in transit from the client to the server (if the client does not support TLS). TLS protects the message only while it is transferred between two servers that support TLS.
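The EHLO/STARTTLS negotiation described above, as an added Python example (not code from the original article or from Exchange): it parses a constructed ESMTP EHLO reply, checks whether STARTTLS is advertised, and models both the opportunistic behaviour (use TLS if offered, otherwise continue in clear text) and an enforced policy (refuse to send in clear), which is the setting the author advises administrators to require. The host names, reply texts and the `require_tls` parameter are constructed for this example.

```python
"""Decide how an SMTP client proceeds after the EHLO reply.

Added example; not code from the original article or from Exchange.
Simulates the ESMTP capability exchange on constructed server replies.
"""
import re

# Constructed EHLO replies (not captured from a real server).
EHLO_WITH_STARTTLS = (
    "250-mail.example.test Hello client.example.test\r\n"
    "250-SIZE 36700160\r\n"
    "250-STARTTLS\r\n"
    "250 OK\r\n"
)
EHLO_WITHOUT_STARTTLS = (
    "250-legacy.example.test Hello client.example.test\r\n"
    "250 SIZE 10485760\r\n"
)


def parse_ehlo(reply: str) -> set:
    """Return the ESMTP keywords advertised in a multi-line 250 reply.

    Lines of the form '250-xxx' continue the reply; the single line
    '250 xxx' (space instead of hyphen) terminates it. The first line
    carries the server's domain and greeting, not a capability."""
    keywords = set()
    lines = reply.rstrip("\r\n").split("\r\n")
    for i, line in enumerate(lines):
        m = re.match(r"^250([- ])(.*)$", line)
        if not m:
            raise ValueError(f"not a 250 reply line: {line!r}")
        sep, text = m.groups()
        if sep == " " and i != len(lines) - 1:
            raise ValueError("terminating 250 line before end of reply")
        if i == 0 or not text:
            continue  # greeting line or empty continuation: no keyword
        keywords.add(text.split()[0].upper())  # keyword precedes params
    return keywords


def next_step(reply: str, require_tls: bool) -> str:
    """Next client command given the server's EHLO reply.

    require_tls=False: opportunistic, use STARTTLS when offered, else
    send in clear text. require_tls=True: enforced policy, never send
    in clear, so a server without STARTTLS gets QUIT instead of mail."""
    if "STARTTLS" in parse_ehlo(reply):
        return "STARTTLS"
    return "QUIT" if require_tls else "MAIL FROM (clear text)"
```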