About

STARTTLS Everywhere is a project to make email delivery more secure. It is created and maintained by the Electronic Frontier Foundation (EFF), a 501(c)3 nonprofit.

We want safer hops for email. Email goes through multiple computers (or multiple “hops”) to get to its destination, and each hop should be as secure as possible. More specific goals of the project include:

If you have questions about STARTTLS Everywhere, check out the FAQ. If you are an email service provider, you can also learn more about being added to the STARTTLS Everywhere policy list.

If you like the project, consider donating!

MTA-STS adoption and integration

MTA-STS is a new Internet standard for e-mail that has many of the same goals as STARTTLS Everywhere. We’re tracking its adoption across the top million domains and users of our site. Here are some growth statistics about the deployment of MTA-STS!

Percent of scans on starttls-everywhere.org supporting MTA-STS

Domains in the top million[2] supporting MTA-STS

Statistics

In 2015, researchers discovered that ~20% of the Alexa top million domains which have mailservers don’t use STARTTLS, and ~40% present invalid certificates [1]. In addition, STARTTLS commands from several countries were being regularly downgraded, as high as 96% of the time.

These results are the motivation for this project.

Footnotes

  1. Neither Snow Nor Rain Nor MITM … An Empirical Analysis of Email Delivery Security https://zakird.com/papers/mail.pdf
  2. Top million domains sourced from https://majestic.com/reports/majestic-million.