STARTTLS
What is STARTTLS?
An SMTP, IMAP, POP3, and XMPP extension defined in RFC 3207 that upgrades a plaintext connection to TLS after the protocol greeting, enabling opportunistic encryption between mail servers and clients.
STARTTLS is the SMTP extension specified in RFC 3207 (with parallels for IMAP/POP3 in RFC 2595 and XMPP in RFC 6120) that allows a client and server to negotiate TLS on the same TCP port after an initial cleartext handshake. The server advertises the STARTTLS capability in its EHLO response; the client issues the STARTTLS command and the connection is upgraded to TLS, authenticated with certificates and protected by modern protocol versions (TLS 1.2/1.3) and AEAD cipher suites. Because STARTTLS is opportunistic by default, an active attacker can strip the STARTTLS advertisement and force plaintext delivery; this risk is mitigated by MTA-STS, DANE, and certificate validation. Modern deployments require TLS, validate certificates, and prefer implicit TLS on ports 465 (submissions) and 993 (IMAPS) for client connections.
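The opportunistic-versus-required distinction above decides whether a stripped STARTTLS advertisement leads to plaintext delivery or to an aborted session. The following Python, added here as an illustration and not taken from any RFC or mail software, parses a constructed EHLO reply, applies either policy, and builds the hardened client-side TLS context a required-TLS client would use for the upgrade; the hostname and reply contents are made up.

```python
import ssl

# Constructed EHLO replies (not captured from a real server). The second one
# is what a client sees when the STARTTLS line has been removed in transit.
EHLO_WITH_STARTTLS = (
    "250-mail.example.test Hello\r\n"
    "250-SIZE 52428800\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
EHLO_STRIPPED = (
    "250-mail.example.test Hello\r\n"
    "250-SIZE 52428800\r\n"
    "250 8BITMIME\r\n"
)


def parse_ehlo(reply: str) -> set[str]:
    """Return the keywords advertised in a multi-line 250 EHLO reply.

    The first line carries the server's greeting; each following line is
    "250-KEYWORD ..." (more to come) or "250 KEYWORD ..." (last line).
    """
    caps = set()
    for line in reply.strip().split("\r\n")[1:]:
        if not line.startswith("250"):
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        words = line[4:].split()
        if words:
            caps.add(words[0].upper())
    return caps


def decide_tls(reply: str, require_tls: bool) -> str:
    """Decide the next step: 'upgrade', 'plaintext' (opportunistic fallback)
    or 'abort' (required TLS refuses to continue without STARTTLS)."""
    if "STARTTLS" in parse_ehlo(reply):
        return "upgrade"
    return "abort" if require_tls else "plaintext"


def client_tls_context() -> ssl.SSLContext:
    """Context for the upgraded connection: certificate and hostname are
    verified against the system trust store, and TLS 1.2 is the floor."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx
```

In a real client the "upgrade" branch would send `STARTTLS`, wait for a 220 reply, and then wrap the socket with `client_tls_context().wrap_socket(sock, server_hostname=...)` before issuing a fresh EHLO.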
● Examples
- 01
Two mail servers issuing EHLO and STARTTLS over port 25 to upgrade to TLS 1.3 before exchanging messages.
- 02
A mail client connecting on port 587, sending STARTTLS, and then authenticating over the encrypted channel.
● Frequently asked questions
What is STARTTLS?
An SMTP, IMAP, POP3, and XMPP extension defined in RFC 3207 that upgrades a plaintext connection to TLS after the protocol greeting, enabling opportunistic encryption between mail servers and clients. It belongs to the Network Security category of cybersecurity.
What does STARTTLS mean?
An SMTP, IMAP, POP3, and XMPP extension defined in RFC 3207 that upgrades a plaintext connection to TLS after the protocol greeting, enabling opportunistic encryption between mail servers and clients.
How does STARTTLS work?
STARTTLS is the SMTP extension specified in RFC 3207 (with parallels for IMAP/POP3 in RFC 2595 and XMPP in RFC 6120) that allows a client and server to negotiate TLS on the same TCP port after an initial cleartext handshake. The server advertises the STARTTLS capability in its EHLO response; the client issues the STARTTLS command and the connection is upgraded to TLS, authenticated with certificates and protected by modern protocol versions (TLS 1.2/1.3) and AEAD cipher suites. Because STARTTLS is opportunistic by default, an active attacker can strip the STARTTLS advertisement and force plaintext delivery; this risk is mitigated by MTA-STS, DANE, and certificate validation. Modern deployments require TLS, validate certificates, and prefer implicit TLS on ports 465 (submissions) and 993 (IMAPS) for client connections.
How do you defend against STARTTLS stripping?
Defences against STARTTLS stripping combine technical controls (requiring TLS rather than falling back to plaintext, validating certificates, and publishing MTA-STS or DANE policies) with operational practices, as detailed in the full definition above.
What are other names for STARTTLS?
Common alternative names include: SMTP STARTTLS, TLS Upgrade.
● Related terms
- Opportunistic TLS (network security): An encryption posture in which two parties use TLS when both support it and fall back to plaintext otherwise, typical of SMTP between mail servers using STARTTLS without strong authentication.
- MTA-STS (network security): An email security mechanism defined in RFC 8461 that lets a domain require TLS for inbound SMTP and pin a list of trusted MX hostnames, defeating downgrade and STARTTLS-stripping attacks.
- DANE (network security): A protocol family defined in RFC 6698 that uses DNSSEC-signed TLSA records to bind TLS server certificates or public keys to a service, removing reliance on the public CA system.
- TLS (Transport Layer Security) (network security): The IETF-standardized cryptographic protocol that provides confidentiality, integrity, and authentication for traffic between two networked applications.
- Secure Email Gateway (network security): A perimeter or cloud service that filters inbound and outbound email for spam, phishing, malware, data leakage, and policy violations before it reaches user mailboxes.
- SSL Stripping (network security): A man-in-the-middle attack that silently downgrades a victim's HTTPS connection to plain HTTP so the attacker can read and modify the traffic.