Enhancing email security with live checks

Email remains the most heavily used form of near-instantaneous communication, with billions of users and a similarly large number of messages exchanged every day. Yet the security of email connections is still often remarkably poor. This is in part due to the difficulty of rolling out a working Public Key Infrastructure on a global scale. In this project, we take a new approach. Rather than trying to enforce binary security decisions (“secure or not”), we rely on historical and ongoing observations from Internet measurements to estimate the security of a fresh email connection.

We have already built a toolchain that continuously measures and tracks the security of connections to a large number of email servers. In this project we want to extend this to the full Internet and the entire range of email protocols. We will use Internet-scale scanners and build models that predict which characteristics a safe connection should have and whether a fresh connection should be considered secure. We evaluate our work using data from a passive network monitor, i.e. real network traffic, to estimate the benefits our solution can provide.
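To illustrate the history-based decision described above, the following Python sketch is an added example and not the project's own toolchain or model. It builds a per-server baseline from constructed past observations of an SMTP server (STARTTLS offered, negotiated TLS version, leaf certificate fingerprint, chain validity) and judges a fresh connection against that baseline instead of against a single PKI verdict. The record fields, the 95% STARTTLS threshold, the minimum sample count, and all host names and fingerprints are assumptions made for the example.

```python
"""Added example (not the project's own code): assess a fresh SMTP
connection against historical measurements of the same server.
All record formats, thresholds and sample data below are assumptions."""
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Iterable

# Ordering of protocol versions used to detect downgrades.
TLS_ORDER = {"none": 0, "TLSv1": 1, "TLSv1.1": 2, "TLSv1.2": 3, "TLSv1.3": 4}


@dataclass
class Observation:
    host: str
    starttls: bool       # server advertised STARTTLS in its EHLO reply
    tls_version: str     # negotiated protocol, "none" if the session stayed plaintext
    cert_fp: str         # SHA-256 fingerprint of the leaf certificate, "" if none
    chain_valid: bool    # chain validated against a public root store


@dataclass
class Baseline:
    samples: int = 0
    starttls_rate: float = 0.0
    min_tls: str = "none"
    cert_fps: set[str] = field(default_factory=set)
    chain_valid_rate: float = 0.0


def build_baseline(history: Iterable[Observation]) -> Baseline:
    """Summarise what repeated measurements of one server have shown."""
    obs = list(history)
    if not obs:
        return Baseline()
    tls_obs = [o for o in obs if o.starttls]
    base = Baseline(samples=len(obs), starttls_rate=len(tls_obs) / len(obs))
    if tls_obs:
        base.min_tls = min((o.tls_version for o in tls_obs), key=TLS_ORDER.__getitem__)
        base.cert_fps = {o.cert_fp for o in tls_obs if o.cert_fp}
        base.chain_valid_rate = sum(o.chain_valid for o in tls_obs) / len(tls_obs)
    return base


def assess(fresh: Observation, base: Baseline, min_samples: int = 5) -> tuple[str, list[str]]:
    """Return ("secure" | "suspicious" | "unknown", reasons) for a fresh connection."""
    reasons: list[str] = []
    if base.samples < min_samples:
        return "unknown", [f"only {base.samples} prior observations"]
    # Downgrade: STARTTLS was (almost) always offered before but is missing now.
    if base.starttls_rate >= 0.95 and not fresh.starttls:
        reasons.append("STARTTLS missing although offered in >=95% of prior observations")
    if fresh.starttls:
        if TLS_ORDER[fresh.tls_version] < TLS_ORDER[base.min_tls]:
            reasons.append(f"negotiated {fresh.tls_version}, weaker than historical minimum {base.min_tls}")
        # A never-seen certificate alone is not evidence of an attack (rotation is
        # routine), so it is only flagged when the chain also fails validation.
        if base.cert_fps and fresh.cert_fp not in base.cert_fps and not fresh.chain_valid:
            reasons.append("unseen certificate that also fails chain validation")
    if reasons:
        return "suspicious", reasons
    if not fresh.starttls:
        return "unknown", ["plaintext connection; no strong STARTTLS history for this host"]
    return "secure", []


# Constructed history for a hypothetical server (assumption, not measured data).
HISTORY = [
    Observation("mx.example.net", True, "TLSv1.2", "fp-a1", True),
    Observation("mx.example.net", True, "TLSv1.3", "fp-a1", True),
    Observation("mx.example.net", True, "TLSv1.2", "fp-a1", True),
    Observation("mx.example.net", True, "TLSv1.3", "fp-a1", True),
    Observation("mx.example.net", True, "TLSv1.2", "fp-a1", True),
    Observation("mx.example.net", True, "TLSv1.3", "fp-a1", True),
]
BASELINE = build_baseline(HISTORY)

if __name__ == "__main__":
    for fresh in (
        Observation("mx.example.net", False, "none", "", False),        # STARTTLS stripped
        Observation("mx.example.net", True, "TLSv1.2", "fp-a1", True),  # matches history
        Observation("mx.example.net", True, "TLSv1.3", "fp-b2", True),  # rotated, valid cert
        Observation("mx.example.net", True, "TLSv1", "fp-a1", True),    # protocol downgrade
    ):
        print(assess(fresh, BASELINE))
```

The point of the sketch is the shape of the decision, not the particular thresholds: a plaintext session to a server that has always offered STARTTLS is flagged, while a new but valid certificate is tolerated because rotation is routine. In the project, the characteristics a safe connection should have would come from models trained on Internet-scale scan data rather than from hand-picked constants like these.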