The Status of Encryption and Authentication in Email
I get an awful lot of emails along the lines of "Here's how you could add SMTP Auth to Email - can you add it to the next release?" and/or "Can you add SSL connection to Email - my SMTP server needs it". No, no and no.
I need secure mail
First things first - your mail is not secure. Not with Email, not with Outlook, not ever*. So even if it were possible to send it over an SSL connection, it wouldn't help. Keep reading for more info.
My SMTP server requires a login and/or SSL
For you maybe, but not for Email. You are asking your SMTP server to relay a message, say from you to your Gran. In the interests of minimising the global spam count it's good form to ensure that you are a nice legitimate sender. We do that through many methods; one is asking for a user name and password, and we tend to use SSL connections to ensure every Tom, Dick and Harry doesn't find out what that password is.
Email, however, is an SMTP server (of sorts) and only contacts your SMTP server to drop off a message for you. "How come it doesn't have to give a password?" you might ask. Well, consider that your Gran is on AOL and you're using Gmail. When your Gran sends you a message she doesn't know your password - heck, she doesn't have any password for Gmail, she's on AOL! If you are asking a mail server to keep a message warm for the person you sent it to, you don't need a password, you just need to know who it's for (you, dummy) and what mail server to hand it to - which is what DNS is for.
So, what about secure mail?
Even if you send your messages via SSL to your SMTP server, as soon as a message needs to travel to your Gran at AOL (see above) your mail server drops down to dumb-ass mode (just in case AOL's server is a bit old) and starts transferring your message in the clear for all and sundry to see. Painful, yes, but true. Back in the real world, to ensure your message gets delivered, Email also has to drop down and send your message in the clear - as this is still the standard for inter-ISP mail transfer. So now you know why you should never email passwords around, unless they are to be changed on first log-in.
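The two hops described above, as an added example (not code from Email itself): it reads the capability list each server returns to EHLO and reports which hop would be encrypted and which would expect a login. The host names and EHLO replies are constructed sample data, and the helper names are made up for this illustration.

```python
# Constructed EHLO replies (sample data, not captured from real servers).
SUBMISSION_EHLO = """250-smtp.provider.example
250-SIZE 35882577
250-STARTTLS
250-AUTH PLAIN LOGIN
250 8BITMIME"""

OLD_MX_EHLO = """250-mx.oldisp.example
250-SIZE 10485760
250 8BITMIME"""


def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    caps = {}
    for line in reply.strip().splitlines()[1:]:  # line 1 is the server's greeting
        if not line.startswith(("250-", "250 ")):
            raise ValueError("not a 250 reply line: %r" % line)
        words = line[4:].split()
        if words:
            caps[words[0].upper()] = words[1:]
    return caps


def plan_hop(name, reply):
    """Describe how a sender that only uses TLS when offered treats this hop."""
    caps = parse_ehlo(reply)
    return {
        "hop": name,
        # No STARTTLS advertised means the sender falls back to cleartext.
        "encrypted": "STARTTLS" in caps,
        # Relays ask for a login; the recipient's own server does not.
        "password_expected": "AUTH" in caps,
    }


def path_is_private(hops):
    """A message is only as private in transit as its weakest hop."""
    return all(h["encrypted"] for h in hops)


if __name__ == "__main__":
    hops = [plan_hop("you -> your provider", SUBMISSION_EHLO),
            plan_hop("your provider -> recipient's server", OLD_MX_EHLO)]
    for h in hops:
        print(h)
    print("private end to end:", path_is_private(hops))
```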
You, sir, are a %!#*@$ fool!
Really? Please tell me I am. I'd honestly like to bring a little security to your messages. I'm not just trying to get out of writing code, some people have already sent some in - I just can't see how it would ever be needed. If there is a better way, please get in touch and cure my ignorance.
* I'm aware that if you manually encrypt your mail, for example with GPG or PGP, then yes, your mail is secure, but even then the cypher text could be sniffed at any point during transmission between ISPs, even if the transmission to your own mail provider is over SSL.