Two disadvantages of STARTTLS
Posted: Sat Feb 01, 2025 9:32 am
While there are advantages, there are also disadvantages. Here are two disadvantages of STARTTLS.
Both the sender and receiver must support STARTTLS.
To send and receive email encrypted using STARTTLS, both the receiving server and the sending server must support STARTTLS. If one of them does not support STARTTLS, the email will not be medical mail list encrypted, which may not be sufficient as an added layer of security. Some older email servers in particular may not be STARTTLS-enabled, so it is a good idea to check whether the recipient supports STARTTLS before sending an email.
Unable to check if encrypted
A disadvantage of STARTTLS is that there is no dedicated port number, so there is no way to check whether the message is encrypted. Also, because STARTTLS starts encryption halfway through communication, the initial communication stage between the mail client (sender) and the mail server is not encrypted. This has the disadvantage that if malicious interference or eavesdropping occurs, damage cannot be prevented.
Which mail servers support "STARTTLS"?
In Japan, Gmail, Yahoo! Mail, Outlook.com, AOL Mail, etc. support STARTTLS. (As of May 29, 2023) When Gmail supported it in particular, the existence of "STARTTLS" became a hot topic.
■ Google to display warnings for unencrypted emails in Gmail [cnet Japan]
The impact of such major email service providers taking action is considerable, and it appears that Google itself also wanted to raise awareness of strengthening security among email users in general.
Therefore, when you receive an email in Gmail that does not support "STARTTLS", a clear warning will be displayed as shown below. It is a red unlocked padlock. If you hover your cursor over the padlock, it will also say "This email was not encrypted."
Both the sender and receiver must support STARTTLS.
To send and receive email encrypted using STARTTLS, both the receiving server and the sending server must support STARTTLS. If one of them does not support STARTTLS, the email will not be medical mail list encrypted, which may not be sufficient as an added layer of security. Some older email servers in particular may not be STARTTLS-enabled, so it is a good idea to check whether the recipient supports STARTTLS before sending an email.
Unable to check if encrypted
A disadvantage of STARTTLS is that there is no dedicated port number, so there is no way to check whether the message is encrypted. Also, because STARTTLS starts encryption halfway through communication, the initial communication stage between the mail client (sender) and the mail server is not encrypted. This has the disadvantage that if malicious interference or eavesdropping occurs, damage cannot be prevented.
Which mail servers support "STARTTLS"?
In Japan, Gmail, Yahoo! Mail, Outlook.com, AOL Mail, etc. support STARTTLS. (As of May 29, 2023) When Gmail supported it in particular, the existence of "STARTTLS" became a hot topic.
■ Google to display warnings for unencrypted emails in Gmail [cnet Japan]
The impact of such major email service providers taking action is considerable, and it appears that Google itself also wanted to raise awareness of strengthening security among email users in general.
Therefore, when you receive an email in Gmail that does not support "STARTTLS", a clear warning will be displayed as shown below. It is a red unlocked padlock. If you hover your cursor over the padlock, it will also say "This email was not encrypted."