Server-to-server e-mail encryption using the STARTTLS protocol has reached an important tipping point that hardens the majority of messages Facebook sends its users against wholesale snooping by well-financed adversaries, according to figures released Tuesday by the site.
The social network said 58 percent of the notification e-mails it sends users are successfully encrypted using STARTTLS. Even more impressive, 76 percent of unique Mail Exchange hostnames are set up to support the protection, although only about half of them use valid digital certificates to cryptographically validate connections.
STARTTLS ensures that plaintext e-mails are encrypted before being transferred from the sending server to the receiving server. Amid revelations of an expansive surveillance program by the National Security Agency and other state-sponsored groups, the extension is seen as a way of thwarting such programs or at least making them more costly to carry out. But like most network-based technologies, its value is proportional to the square of the number of servers that use it, meaning it provides benefit only when widely used.
"It's clear to us that STARTTLS has achieved critical mass and there is immediate value in deploying it," Facebook officials wrote in a blog post. "We encourage anyone who has not already deployed STARTTLS to at least deploy it for opportunistic encryption. As more systems support e-mail encryption, the value increases for everyone."