Comment by willvarfar
7 years ago
And opportunistic STARTTLS is vulnerable to downgrade attacks by MITM.
the problems with email are that, no matter how sure you are that the connection between you and your mail server, and your local and server storage, are secure, the parties you may be interacting with are not. And then, as is talked about in the article, your recipient forwards the mail as plaintext...
And downgrade attacks are mitigated by MTA-STS: https://www.hardenize.com/blog/mta-sts
Not supported by everyone just yet since this is a new standard, but Gmail at least supports it.