Other email providers are encouraged to adopt the secure communication standard

Aug 21, 2014 14:12 GMT

Most of the notification emails from Facebook are currently sent in an encrypted form that safeguards the communication from prying eyes, benefiting from strict certificate validation.

As part of the technology industry's effort to thwart spying agencies’ activities, Facebook initiated deployment of the STARTTLS secure communication protocol, and it now reports that 95% of outbound messages are encrypted, with the Perfect Forward Secrecy (PFS) property enabled.

PFS is a cryptographic property ensuring that session keys are not compromised even if one of the long-term private keys is, since new keys are negotiated for every session.

Michael Adkins, a mail integrity engineer at Facebook, wrote in a blog post that the 95% barrier has been reached thanks to other major providers, Microsoft and Yahoo in particular, adopting the new communication standard.

“Since STARTTLS encryption requires both sides to deploy it, we encouraged others to take the next step. As a result of recent changes by major providers, most notably Microsoft and Yahoo, 95% of our notification emails are now successfully encrypted with both Perfect Forward Secrecy and strict certificate validation,” he said.

As such, deployment of STARTTLS by the remaining providers would increase the security of the notification emails Facebook sends.
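An added example (not from Facebook's post or this article): a Python check a mail provider could run against its own MX host to see whether an inbound delivery would count as encrypted with strict certificate validation and forward secrecy. The function names, result labels and the host passed to `probe` are assumptions made for illustration.

```python
import smtplib
import ssl


def strict_context():
    """TLS context that rejects untrusted or hostname-mismatched certificates."""
    ctx = ssl.create_default_context()        # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def is_forward_secret(cipher_name, protocol):
    """True if the negotiated suite uses an ephemeral (EC)DHE key exchange."""
    if protocol == "TLSv1.3":                 # full TLS 1.3 handshakes are always (EC)DHE
        return True
    # OpenSSL names for TLS <= 1.2 suites start with the key-exchange method.
    return cipher_name.startswith(("ECDHE-", "DHE-"))


def assess(starttls_offered, cert_ok, cipher=None):
    """Classify one delivery path from the facts gathered during a probe."""
    if not starttls_offered:
        return "plaintext"                    # server never advertised STARTTLS
    if not cert_ok:
        return "cert-rejected"                # strict validation refused the chain
    name, protocol, _bits = cipher            # tuple shape of SSLSocket.cipher()
    return "encrypted+pfs" if is_forward_secret(name, protocol) else "encrypted-no-pfs"


def probe(mx_host, port=25, timeout=10):
    """Connect to mx_host (needs network access) and classify its STARTTLS support."""
    with smtplib.SMTP(mx_host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return assess(False, False)
        try:
            smtp.starttls(context=strict_context())
        except ssl.SSLCertVerificationError:
            return assess(True, False)
        return assess(True, True, smtp.sock.cipher())


if __name__ == "__main__":
    # Constructed cipher tuples, so the classification can be seen offline.
    for sample in [("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2", 128),
                   ("AES128-GCM-SHA256", "TLSv1.2", 128),
                   ("TLS_AES_256_GCM_SHA384", "TLSv1.3", 256)]:
        print(sample[0], "->", assess(True, True, sample))
```

Only the `encrypted+pfs` result matches what the article describes; a server that negotiates a static-RSA suite still encrypts the session but lacks forward secrecy.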