A new proposal has been
submitted to the the Internet Engineering Task Force, a major internet standards organisation. The proposal, which had input from engineers working at Google, Yahoo, Comcast, Microsoft, LinkedIn, and 1&1 Mail & Media Development, will ensure emails are encrypted before they're sent. If the destination doesn't support encryption or their certificate is invalid, the email won't be sent and users will be told why.
Most emails that are sent today are sent in plain text using SMTP. This offers no protection against man-in-the-middle (MITM) attacks, meaning a hacker could easily read your messages. SMTP STARTTLS tried to address the need for encryption but is not widely used and has numerous flaws. In addition, users get no warning when an email they're sending falls back to using plain text.
