Gmail users can expect the introduction of SMTP Strict Transport Security to the email service some time this year, bringing a measure of security similar to certificate pinning to one of the world’s biggest webmail services.
Elie Bursztein, the head of Google’s anti-abuse research team, said at RSA Conference that SMTP STS will be a major impediment to man-in-the-middle attacks that rely on rogue certificates that are likely forged, stolen or otherwise untrusted. Google, Microsoft, Yahoo and Comcast are expected to adopt the standard this year, a draft of which was submitted to the IETF in March 2016.
Full Article