Email has multiple security issues. For instance, it relies on SMTP (Simple Mail Transfer Protocol), which generally does not use encryption or authentication. Just as your postal carrier can read what you write on a postcard, email services and anyone who's watching email traffic (NSA, hackers) can read email content.

STARTTLS is an addition to SMTP that can enable hop-to-hop encryption, that is, encryption in transit. Note that this is not end-to-end encryption. Email providers and receivers can still read the contents before and after sending it, but it should make content unreadable to anyone watching in between. However, since most email servers do not use certificate validation, a hacker can impersonate the sending or receiving servers and bypass encryption.

Also, since STARTTLS usually requires sending an unencrypted request to the receiving server, hackers can block this request to bypass encryption.
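The two weaknesses above (no certificate validation, and silent fallback when the STARTTLS offer never arrives) can be closed on the sending side by validating the certificate and refusing to continue in plaintext. The following is an added example, not code from this page or from the EFF project; the function names, the `example.test` host names and the loopback test server are constructed for illustration.

```python
import smtplib
import socket
import ssl
import threading


class TLSRequired(Exception):
    """The server offered no STARTTLS and policy forbids plaintext delivery."""


def open_session(host, port, require_tls=True, timeout=5):
    """Return (smtp, encrypted). With require_tls, never fall back to plaintext."""
    smtp = smtplib.SMTP(host, port, local_hostname="client.example.test",
                        timeout=timeout)  # constructed EHLO name
    try:
        smtp.ehlo()
        if smtp.has_extn("starttls"):
            # The default context verifies the certificate chain and host name,
            # so an impersonating server fails the handshake.
            smtp.starttls(context=ssl.create_default_context())
            smtp.ehlo()  # re-read capabilities over the encrypted channel
            return smtp, True
        if require_tls:
            raise TLSRequired(f"{host}:{port} did not advertise STARTTLS")
        return smtp, False  # opportunistic mode: silent plaintext fallback
    except Exception:
        smtp.close()
        raise


def start_plaintext_only_server():
    """Constructed test double: a loopback SMTP listener whose EHLO reply has
    no STARTTLS line, which is what a client sees after the offer is blocked."""
    srv = socket.create_server(("127.0.0.1", 0))
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        with srv, conn:
            conn.sendall(b"220 mx.example.test ESMTP\r\n")
            for line in conn.makefile("rb"):
                verb = line[:4].upper()
                if verb == b"EHLO":
                    conn.sendall(b"250-mx.example.test\r\n250 SIZE 1000000\r\n")
                elif verb == b"QUIT":
                    conn.sendall(b"221 bye\r\n")
                    break

    threading.Thread(target=serve, daemon=True).start()
    return port
```

With `require_tls=False` the same session proceeds unencrypted without any error, which is the opportunistic behaviour that makes blocking the offer effective.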

To address this problem, the Electronic Frontier Foundation (EFF) has created a project called STARTTLS Everywhere.

It provides a way for participating email service providers to enable STARTTLS without sending an unencrypted request. The challenge is getting all mail servers to participate. Email server managers can learn more about STARTTLS Everywhere at