An official website of the European Union
EU Internet Standards Deployment Monitoring Website

Email communication security standards

Modern email security standards complement the original email protocol in order to protect email communications.

Simple Mail Transfer Protocol (SMTP), the protocol used to send emails, was originally designed under the assumption that servers and communications over the Internet could be trusted. Therefore, no security measures were foreseen. Since SMTP was created in the pre-Internet era, the Internet community has developed several email security standards that complement it and protect email communications. Deploying these standards is key to ensuring the security of email communications. The modern email security standards include:

STARTTLS

Status of the development in the EU

What is it?

The STARTTLS command is an extension to SMTP, the protocol used to transmit emails. It upgrades the plaintext connection between client and server to an encrypted (TLS) connection. The proper use of STARTTLS ensures that messages exchanged between sender and recipient cannot be read in transit by a third party.

What is the current situation?

The majority of the domains located in the EU Member States currently have a high support rate for STARTTLS.

Sender Policy Framework (SPF)

Status of the development in the EU

What is it?

The Sender Policy Framework (SPF) is a protocol that allows a domain (or its email provider) to publish, in DNS, the list of hosts (IP addresses) authorised to send emails on the domain's behalf. By explicitly indicating which hosts are authorised to send emails for a domain, SPF helps receiving servers reject spam and phishing emails sent from rogue hosts or networks.

What is the current situation?

The majority of the domains located in EU Member States have a very high support rate for SPF.

DomainKeys Identified Mail (DKIM)

Status of the development in the EU

What is it?

DomainKeys Identified Mail (DKIM) is an authentication mechanism used to verify the legitimate origin of an email. It uses digital signatures to verify that the message was signed by the sending domain and to confirm that it has not been modified during its transport from sender to recipient. DKIM is an effective measure against spam and phishing when used together with the SPF protocol.

What is the current situation?

The deployment of DKIM is high on average.

Domain-based Message Authentication Reporting and Conformance (DMARC)

Status of the development in the EU

What is it?

Domain-based Message Authentication, Reporting and Conformance (DMARC) is a mechanism that allows a domain to tell receiving domains what to do with emails that appear to originate from that domain but fail authentication under both SPF and DKIM: such emails can be rejected, quarantined, or delivered normally. The DMARC record also indicates an email address to which receivers send reports. DMARC is always used together with SPF and DKIM.

What is the current situation?

DMARC support for EU-based domains is currently at a medium level, with some differences among individual countries.
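As an added illustration of the DMARC logic described above (example code, not material from the monitoring site): a simplified evaluator that parses a DMARC record and applies it to SPF and DKIM results the way a receiving mail server would, including identifier alignment. Domain names such as example.eu are placeholders, and the organisational-domain rule is simplified.

```python
def parse_dmarc(txt):
    """Parse 'v=DMARC1; p=reject; rua=mailto:...' into a dict of tags."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a valid DMARC record")
    tags.setdefault("adkim", "r")  # alignment modes default to relaxed
    tags.setdefault("aspf", "r")
    return tags

def org_domain(domain):
    # Simplified organisational domain: last two labels. Real receivers use the Public Suffix List.
    return ".".join(domain.lower().split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """Identifier alignment: strict needs an exact match, relaxed the same organisational domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_evaluate(record, from_domain, spf_result, spf_domain, dkim_results):
    """Apply a DMARC record to the SPF/DKIM results of one message.
    spf_result/spf_domain: SPF outcome and the MAIL FROM domain it was checked for.
    dkim_results: list of (result, signing d= domain) pairs, one per signature.
    Returns ('pass', 'none') or ('fail', disposition requested by the p= tag)."""
    tags = parse_dmarc(record)
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, tags["aspf"])
    dkim_ok = any(res == "pass" and aligned(d, from_domain, tags["adkim"]) for res, d in dkim_results)
    if spf_ok or dkim_ok:          # one aligned pass (SPF or DKIM) is enough
        return ("pass", "none")
    return ("fail", tags["p"])     # pct= and sp= (subdomain policy) are not modelled here

if __name__ == "__main__":
    # Constructed record and authentication results for a placeholder domain.
    REC = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.eu"
    print(dmarc_evaluate(REC, "example.eu", "pass", "bounce.example.eu", []))  # ('pass', 'none')
    print(dmarc_evaluate(REC, "example.eu", "pass", "esp.invalid", [("fail", "example.eu")]))  # ('fail', 'reject')
```

A message from a third-party sender that passes SPF for its own domain still fails DMARC, because the passing identifier is not aligned with the From domain.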

DNS-based Authentication of Named Entities (DANE)

Status of the development in the EU

What is it?

DNS-based Authentication of Named Entities (DANE) is a way of binding digital certificates or public keys to domain names through DNS records. The use of DANE increases the level of trust as well as the security and privacy of communications. Combined with the Domain Name System Security Extensions (DNSSEC), which authenticate those DNS records, it can be used to mitigate attacks on confidentiality.

What is the current situation?

Currently, there is almost no support for DANE in EU-based domains. This is a direct consequence of the low support for DNSSEC, which is a prerequisite for implementing DANE.