Can we determine if an email is encrypted during transport using the header information via ESMTPS?

377 | Asked by AndrewJenkins in Cyber Security, Feb 8, 2022

I already read some things about how mail servers handle transport encryption, e.g. "How Can You Tell if an Email Was Transmitted Using TLS Encryption?".


Here are two examples for incoming mail to my provider's mail server (I edited the second one):

Received: from mout.gmx.net (mout.gmx.net [212.227.15.19])
    by mx02.posteo.de (Postfix) with ESMTPS;
Received: from XXX (YYY [1.2.3.4])
    by mx02.posteo.de (Postfix) with ESMTP

Does the occurrence of ESMTPS in the first example mean that TLS was used for transport encryption?

Does the occurrence of ESMTP in the second example mean that the mail was transferred unencrypted between the two servers?

Answered by Amy Avery

Yes, but only if you believe the MTA that inserted that header and every MTA that touched the message subsequently. Any of those MTAs could write that information into the header even if it isn't true.


No, here's a counterexample:

Received: from XXX (XXXX [IPv6:XXX])
    by XXX (XXversionXX) with ESMTP id XXXX
    (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT)
    for ; Tue, 23 Jun 2015 10:24:53 +0900

That mailer appears to have chosen to include information about the connection crypto in parentheses and did not write ESMTPS. So it appears there are definitely multiple ways of indicating this information in the header and you'd have to recognize them all. But once again, you cannot trust any of it anyway.
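The answer makes two points: the TLS indication can appear in more than one form (the "with ESMTPS" keyword, or a parenthesised comment such as the version=/cipher= one above), and every such indication is only a claim by whichever MTA wrote the header. The following script is an added example, not code from the question or answer, that parses the Received chain of a message and reports both: what each hop claims about TLS, and whether the claim is even verifiable, which it treats as true only for hops whose "by" host is an MTA you operate yourself. It recognises the two forms on this page and, as a generalisation beyond the page, the Postfix comment form "(using TLSv1.2 with cipher ... (256/256 bits))". The sample message, its host names, addresses and ids are constructed for the demonstration.

```python
import re
from email import message_from_string

# Constructed sample message: the three hops quoted on this page plus one
# Postfix-style hop. Hosts, addresses and ids are placeholders, not real systems.
SAMPLE_MESSAGE = """\
Received: from XXX (XXXX [IPv6:XXX])
    by XXX (XXversionXX) with ESMTP id XXXX
    (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT)
    for <user@example.invalid>; Tue, 23 Jun 2015 10:24:53 +0900
Received: from mail.example.invalid (mail.example.invalid [203.0.113.5])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    by mx02.posteo.de (Postfix) with ESMTPS id 0123456789;
    Tue, 23 Jun 2015 10:24:50 +0900
Received: from mout.gmx.net (mout.gmx.net [212.227.15.19])
    by mx02.posteo.de (Postfix) with ESMTPS;
    Tue, 23 Jun 2015 10:24:45 +0900
Received: from XXX (YYY [1.2.3.4])
    by mx02.posteo.de (Postfix) with ESMTP;
    Tue, 23 Jun 2015 10:24:40 +0900
Subject: constructed test message

body
"""

# RFC 3848 / RFC 6531 "with" keywords: the S suffix means the session used TLS
# (ESMTPS, ESMTPSA, UTF8SMTPS, ...). ESMTPA alone only means authenticated.
_TLS_KEYWORD = re.compile(r"^(?:UTF8)?E?SMTPSA?$", re.IGNORECASE)
# Comment form quoted in the answer: (version=TLSv1/SSLv3 cipher=... bits=128 verify=NOT)
_VERSION_COMMENT = re.compile(r"version=(\S+)\s+cipher=(\S+)", re.IGNORECASE)
# Postfix comment form (assumed, not on this page): (using TLSv1.2 with cipher ... (256/256 bits))
_USING_COMMENT = re.compile(r"using\s+(\S+)\s+with\s+cipher\s+(\S+)", re.IGNORECASE)


def _strip_comments(text: str) -> str:
    """Remove (possibly nested) parenthesised comments so that a 'with cipher'
    inside a comment is not mistaken for the 'with <protocol>' clause."""
    previous = None
    while previous != text:
        previous = text
        text = re.sub(r"\([^()]*\)", " ", text)
    return text


def classify_hop(received: str) -> dict:
    """Describe what a single Received header value claims about transport TLS."""
    text = re.sub(r"\s+", " ", received).strip()      # unfold continuation lines
    plain = _strip_comments(text)
    with_match = re.search(r"\bwith\s+([A-Za-z0-9]+)", plain)
    by_match = re.search(r"\bby\s+(\S+)", plain)
    protocol = with_match.group(1).upper() if with_match else None
    by_host = by_match.group(1) if by_match else None

    # Either comment form gives version and cipher; the keyword alone gives neither.
    detail = _VERSION_COMMENT.search(text) or _USING_COMMENT.search(text)
    tls_version = detail.group(1) if detail else None
    cipher = detail.group(2) if detail else None

    claims_tls = bool(protocol and _TLS_KEYWORD.match(protocol)) or detail is not None
    return {"by": by_host, "protocol": protocol, "claims_tls": claims_tls,
            "tls_version": tls_version, "cipher": cipher}


def audit_transport(raw_message: str, own_hosts: set) -> list:
    """Classify every Received header (newest first). A hop's claim is marked
    verifiable only when the 'by' host is an MTA you operate: any other MTA
    could write whatever it likes into its own Received header."""
    msg = message_from_string(raw_message)
    report = []
    for received in msg.get_all("Received", []):
        hop = classify_hop(received)
        hop["verifiable"] = hop["by"] in own_hosts
        report.append(hop)
    return report


if __name__ == "__main__":
    for hop in audit_transport(SAMPLE_MESSAGE, {"mx02.posteo.de"}):
        print(hop)
```

Run against the sample, the first hop (plain "ESMTP" keyword but a version=/cipher= comment) and the keyword-only "ESMTPS" hop both count as TLS claims, the last hop does not, and only the hops recorded by mx02.posteo.de are marked verifiable; the top hop's claim comes from a server you do not control and is just text.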
