I’ve developed a Sieve script that will auto-respond with a description of how your email message was received, with a snippet of the “Received:” header If you run a mail server or use a local ISP, this is an easy way to see if connections to this site are secure. To use, simply send a blank Email to: firstname.lastname@example.org.
You should *not* use Email accounts from Microsoft, Yahoo, Google, or AOL if you expect privacy since all of these are listed as NSA PRISM program participants. Use extreme caution. Anything you’ve ever said or done will be used against you in the future; and if not you, then your children or grand-kids. The NSA vs. Reality Winner case is an example of this.
Download and Installation
This Sieve script is compatible with Pigeonhole Sieve but should also work fine with CMU Sieve and others. It does require that the standard “vacation-seconds” and “variables” extensions be activated.
The script may be downloaded here.
After downloading, make sure to change the “subject“, “myaddress“, and “serverstring” variables at the top of the file.
Local Mail System Attributes
The local mail server will attempt to use the following priorities in establishing TLS/SSL connections:
pri ciphersuite protocols pubkey_size pfs 1 ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 4096 ECDH,P-384,384bits 2 DHE-RSA-AES256-GCM-SHA384 TLSv1.2 4096 DH,2048bits 3 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 4096 ECDH,P-384,384bits 4 DHE-RSA-AES128-GCM-SHA256 TLSv1.2 4096 DH,2048bits 5 ECDHE-RSA-AES256-SHA384 TLSv1.2 4096 ECDH,P-384,384bits 6 DHE-RSA-AES256-SHA256 TLSv1.2 4096 DH,2048bits 7 ECDHE-RSA-AES128-SHA256 TLSv1.2 4096 ECDH,P-384,384bits 8 DHE-RSA-AES128-SHA256 TLSv1.2 4096 DH,2048bits 9 ECDHE-RSA-AES256-SHA TLSv1,TLSv1.1,TLSv1.2 4096 ECDH,P-384,384bits 10 DHE-RSA-AES256-SHA TLSv1,TLSv1.1,TLSv1.2 4096 DH,2048bits 11 ECDHE-RSA-AES128-SHA TLSv1,TLSv1.1,TLSv1.2 4096 ECDH,P-384,384bits 12 DHE-RSA-AES128-SHA TLSv1,TLSv1.1,TLSv1.2 4096 DH,2048bits 13 AES256-GCM-SHA384 TLSv1.2 4096 None 14 AES128-GCM-SHA256 TLSv1.2 4096 None 15 AES256-SHA256 TLSv1.2 4096 None 16 AES128-SHA256 TLSv1.2 4096 None 17 AES256-SHA TLSv1,TLSv1.1,TLSv1.2 4096 None 18 AES128-SHA TLSv1,TLSv1.1,TLSv1.2 4096 None
The general attributes for this server’s cipher prioritization are:
- Perfect Forward Secrecy (PFS) cipher suites are preferred over non-PFS ciphers.
- Of the PFS cipher suites, Elliptical Curve Diffie-Hellman is preferred over standard Diffie-Hellman.
- Galois Counter Mode (GCM) is preferred over Cipher Block Chaining (CBC) mode for any given encryption algorithm.
- For any given encryption algorithm, larger key sizes (e.g. AES-256) are preferred over shorter ones (e.g. AES-128).
Typical Connection Attributes
I took a snapshot of the mail server this morning (9/26/2017) to show some typical SSL/TLS encrypted connections to the mail server.
Public Email Systems
- Google: ECDHE-RSA-AES128-GCM-SHA256
- Yahoo: ECDHE-RSA-AES128-GCM-SHA256
- Yandex (.ru): ECDHE-RSA-AES128-GCM-SHA256
- Microsoft: ECDHE-RSA-AES256-SHA384
- AOL: DHE-RSA-AES256-SHA
Google, Yahoo, and Yandex are all AES-128, but use GCM. Microsoft and AOL use AES-256, but in CBC mode. Both CBC and GCM provide privacy (encryption), but GCM provides integrity checking (Counters) as well.
Considering that both AES-128 and AES-256 are considered unbreakable until 2030-2040, AES-128 offers about a 40% gain in processing power over AES-256.
A big advantage of using GCM is that it offers faster throughput than CBC mode ciphers. GCM can operate in a “parallel” fashion by not having to wait for the preceding cipher-text block to complete before encrypting the next plain-text block.
Cipher Block Chaining (CBC) is also susceptible to expanded block-size/padding attacks, like POODLE. GCM is the way the industry is going these days.
All but AOL use ECDHE in their connections, whereas AOL uses DHE. Both are effective in providing Perfect Forward Secrecy but operationally, ECDHE negotiation is a little bit faster and ECDHE is proven to be more resistant to attacks (like LOGJAM). ECDHE is favored nowadays.
Retail and Social Internet Systems
- Groupon: ECDHE-RSA-AES256-GCM-SHA384
- Plenty Of Fish: ECDHE-RSA-AES256-GCM-SHA384
- Exact Target: ECDHE-RSA-AES256-GCM-SHA384
- Constant Contact: ECDHE-RSA-AES256-GCM-SHA384
- Office Depot: ECDHE-RSA-AES256-GCM-SHA384
- Big Lots: ECDHE-RSA-AES256-GCM-SHA384
- Go Daddy: ECDHE-RSA-AES256-GCM-SHA384
- Hilton Hotels: ECDHE-RSA-AES256-GCM-SHA384
- Ticket Master: ECDHE-RSA-AES256-GCM-SHA384
- Michaels: ECDHE-RSA-AES256-SHA
- Publix: ECDHE-RSA-AES256-SHA
- Amazon SES: ECDHE-RSA-AES128-SHA
- Facebook: ECDHE-RSA-AES128-SHA
- AmeriTrade: AES128-SHA
It is interesting to note how secure the Contact Managers and Dating sites are. The other retailers have various degrees of Email transport security.
- rr.com: ECDHE-RSA-AES256-GCM-SHA384
- Custom Manufacturing and Engineering: DHE-RSA-AES128-SHA
- Johnson Services: AES256-GCM-SHA384
Local Workstations Email Clients
- Windows 10/Thunderbird: ECDHE-RSA-AES128-GCM-SHA256
- Windows 10/Outlook 2007: ECDHE-RSA-AES256-GCM-SHA384
- Android Nougat/K-9 Mail: DHE-RSA-AES256-GCM-SHA384
- Android Marshmallow/Android Native Email: ECDHE-RSA-AES128-GCM-SHA256
My Thunderbird client connects with AES-128 although ECDHE-RSA-AES256-GCM-SHA384 is available in its configuration. Even though a certain type of encryption is offered, it doesn’t mean that the client will negotiate it; all the more reason for a script like this!