And opportunistic STARTTLS is vulnerable to downgrade attacks by MITM.
the problems with email are that, no matter how sure you are that the connection between you and your mail server, and your local and server storage, are secure, the parties you may be interacting with are not. And then, as is talked about in the article, your recipient forwards the mail as plaintext...
You might be surprised just how many mail providers support STARTTLS for email, at least opportunistically.
https://www.fastmail.com/help/technical/ssltlsstarttls.html
And opportunistic STARTTLS is vulnerable to downgrade attacks by MITM.
the problems with email are that, no matter how sure you are that the connection between you and your mail server, and your local and server storage, are secure, the parties you may be interacting with are not. And then, as is talked about in the article, your recipient forwards the mail as plaintext...
And downgrade attacks are mitigated by MTA-STS: https://www.hardenize.com/blog/mta-sts
Not supported by everyone just yet since this is a new standard, but Gmail at least supports it.