STARTTLS Everywhere is a project to make email delivery more secure. It is created and maintained by the Electronic Frontier Foundation (EFF), a 501(c)(3) nonprofit.
We want safer hops for email. Email goes through multiple computers (or multiple “hops”) to get to its destination, and each hop should be as secure as possible. More specific goals of the project include:
- Improve STARTTLS adoption.
- Prevent downgrade attacks on email services.
- Support the adoption of technologies such as MTA-STS, our STARTTLS Policy List, and DANE.
- Lower the barriers to entry for running a secure mailserver.
If you like the project, consider donating!
In 2015, researchers discovered that ~20% of the Alexa top million domains that have mailservers don’t use STARTTLS, and ~40% present invalid certificates. In addition, STARTTLS commands from several countries were being regularly downgraded, in some cases as much as 96% of the time.
These results are the motivation for this project.
Neither Snow Nor Rain Nor MITM … An Empirical Analysis of Email Delivery Security, https://zakird.com/papers/mail.pdf