StartTLS is used to encrypt the network connection between mail providers when they relay email.
Things that are great about StartTLS:
- It is easy to use, you don’t have to think about it.
- It allows protection of meta-data from dragnet surveillance.
- The user has no way to prove that a particular message was transmitted securely.
Riseup practices StartTLS verification with some of the other activist email providers.
- Red: Insecure, email can be read by a listener (or email headers if the body is encrypted with OpenPGP)
- Green: Secure, the transport is encrypted.