This type of STARTTLS stripping attack has mostly gone unnoticed because it tends to be applied to residential networks, where it is uncommon to run an email server2. STARTTLS was also relatively uncommon until late 2013, when EFF started rating companies on whether they used it. Since then, many of the biggest email providers implemented STARTTLS to protect their customers. We continue to strongly encourage all providers to implement STARTTLS for both outbound and inbound email. Google's Safer email transparency report and starttls.info are good resources for checking whether a particular provider does.

Gmail represents a dying class of products that, like Google Reader, puts control in the hands of users, not signal-harvesting algorithms.

Mail-in-a-Box turns a fresh cloud computer into a working mail server.

You get contact synchronization, spam filtering, and so on. On your phone, you can use apps like K-9 Mail and CardDAV-Sync free beta to sync your email and contacts between your phone and your box. And in your browser:

Love it or hate it, there’s no denying the popularity of HTML emails. And, like the web before it, the inbox has officially gone mobile—with over 50 percent of email opens occurring on mobile devices.

...

Building on the principles of responsive web design first codified by Ethan Marcotte, a revolution in email design is giving birth to an experience fast approaching that of the modern web. Subscribers need no longer be subjected to terrible reading experiences, frustrating touch targets, and tiny text.

Lavabit, the security-conscious email provider that was the preferred email service of NSA leaker Edward Snowden, has closed its doors, citing US government interference. § "I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit," founder Ladar Levinson said in a statement posted to the company's homepage on Thursday. "After significant soul searching, I have decided to suspend operations."

Now you can quickly view your DomainKeys, DKIM, and SPF validitay, and SpamAssassin score in one place. Just send an email to any address @www.brandonchecketts.com. Then check here to see the results.

ElasticInbox is open source, reliable, distributed, scalable email store. The goal of this project is to provide highly available email store without a single point of failure which can run on commodity hardware and scale linearly. ElasticInbox can easily scale to millions of mailboxes, with hundreds of thousands messages in each mailbox.

Perdition is a POP3, IMAP4 and managesieve proxy server. It is able to handle both plain-text and SSL/TLS encrypted connections, and redirect users to a real-server based on a database lookup. Perdition supports modular based database access. ODBC, MySQL, PostgreSQL, GDBM, POSIX Regular Expression and NIS modules ship with the distribution. The API for modules is open allowing arbitrary modules to be written to allow access to any data store. Perdition has many uses. Including, creating large mail systems where an end-user's mailbox may be stored on one of several hosts, integrating different mail systems together, migrating between different email infrastructures, and bridging plain-text and SSL/TLS services. It can also be used as part of a firewall. The use of perditon to scale mail services beyond a single box is discussed in high capacity email.

DMARC, which stands for "Domain-based Message Authentication, Reporting & Conformance", is a technical specification created by a group of organizations that want to help reduce the potential for email-based abuse by solving a couple of long-standing operational, deployment, and reporting issues related to email authentication protocols. [...] A DMARC policy allows a sender to indicate that their emails are protected by SPF and/or DKIM, and tells a receiver what to do if neither of those authentication methods passes - such as junk or reject the message. DMARC removes guesswork from the receiver's handling of these failed messages, limiting or eliminating the user's exposure to potentially fraudulent & harmful messages. DMARC also provides a way for the email receiver to report back to the sender about messages that pass and/or fail DMARC evaluation.

A very funny story about a man who has seen a problem and is prescribing a "solution" that is 100% wrong and the complete opposite of what needs to be done:

Thierry Breton, Atos’s 56-year-old chief executive officer who is a former French finance minister [...] pointed to a recent study by the business watchdog ORSE, which reads: ‘Reading useless messages is terrible for concentration, as it takes 64 seconds to get back on the ball after doing so. Poorly controlled, the e-mail can become a devastating tool.’

Mr Breton suggested that a real time messaging interface as available on sites like Facebook would be far preferable to email, with staff also encouraged to talk to each other in person.

So an email, that you can reply to at your leisure, wastes time, but an instant message, that calls for immediate attention, does not? Oookay then. As for Facebook, he must have added that for comic effect. Right? Right?