View article

TLS is the most widely used cryptographic protocol on the Internet today. While multiple recent studies focused on its use in HTTPS and the adoption rate of additional security measures over time, the usage of TLS in e-mail-related protocols is still lacking detailed insights. End-to-end encryption mechanisms like PGP are seldomly used, and as such today's confidentiality in the e-mail ecosystem is based entirely on the encryption of the transport layer. However, a large fraction of e-mails is still transmitted unencrypted, which is highly disproportionate with the sensitive nature of e-mail communication content. A well-positioned attacker may be able to intercept plaintext communication content as well as communication metadata passively and at ease. We are the first to collect and analyze the complete state of today's e-mail-related TLS configuration, for the entire IPv4 address range. Our methodology is based on …