This isn't really new news, but improperly configured mail services result in lots of privacy holes across the Internet.
STARTTLS is used to upgrade an unencrypted connection to an encrypted SSL/TLS connection. The problem is that if the upgrade fails, many mail clients will proceed to send mail on the unencrypted connection.
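The fallback described above, as an added example that is not part of the original post: a Python `smtplib` client that refuses to send when the server's EHLO reply carries no STARTTLS offer, next to the opportunistic mode that carries on in cleartext. The function names, the `example.test` names and the loopback test server are constructed for illustration.

```python
import smtplib, socket, ssl, threading

class TLSRequired(Exception):
    """Raised instead of falling back to cleartext."""

def deliver(host, port, sender, rcpt, msg, require_tls=True):
    """Send one message; return True if it went over TLS, False if cleartext."""
    with smtplib.SMTP(host, port, local_hostname="client.example.test",
                      timeout=5) as s:
        s.ehlo()
        if s.has_extn("starttls"):
            # A failed upgrade raises here; it never silently continues.
            s.starttls(context=ssl.create_default_context())
            s.ehlo()  # re-issue EHLO once the TLS session is up
            encrypted = True
        elif require_tls:
            raise TLSRequired(f"{host}:{port} did not offer STARTTLS")
        else:
            encrypted = False  # opportunistic mode: the downgrade happens here
        s.sendmail(sender, [rcpt], msg)
        return encrypted

def start_plaintext_only_server():
    """Constructed peer: minimal SMTP on 127.0.0.1 whose EHLO reply has no
    STARTTLS line, which is what a client sees when the offer is missing."""
    log = []  # SMTP verbs received from the client, in order
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        conn, _ = srv.accept()
        with conn, conn.makefile("rb") as rf:
            say = lambda text: conn.sendall(text.encode() + b"\r\n")
            say("220 mx.example.test ESMTP")
            in_data = False
            for raw in rf:
                line = raw.decode().rstrip("\r\n")
                if in_data:  # message body: swallow until the lone dot
                    if line == ".":
                        in_data = False
                        say("250 queued")
                    continue
                verb = line[:4].upper()
                log.append(verb)
                if verb == "DATA":
                    in_data = True
                    say("354 end with .")
                elif verb == "QUIT":
                    say("221 bye")
                    return
                else:
                    say("250 mx.example.test")
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], log
```

With `require_tls=True` the server log shows only `EHLO` and `QUIT`, so no envelope or message body ever crosses the wire; with `require_tls=False` the full `MAIL`/`RCPT`/`DATA` exchange goes out unencrypted.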
For any sysadmins (technical info):
Unfortunately, the situation is somewhat sticky. I suggest carefully reading the TLS/SSL section of https://wiki.debian.org/PostfixAndSASL as well as the STARTTLS RFC, http://tools.ietf.org/html/rfc2487
Public email servers should not require STARTTLS (that is, encryption) on port 25 (smtp). Furthermore, there is no guarantee that all of the mail servers during transit of an email use encryption. Thus, you should assume your email is transmitted unencrypted, until a better solution emerges. You can always use OpenPGP to encrypt the body of your email, which should become commonplace shortly after Hurd achieves market dominance.
Editor's Note: How-to articles for various flavors of Microsoft Exchange can be found at MSExchange.org.
(Score: 2) by frojack on Monday November 02 2015, @09:26PM
Unencrypted, failed SPF, no reverse DNS, banner mismatches,
It's amazing how many places won't accept mail from Joe Random User. I end up forwarding all outbound through my hosting site, even though my MX points to my local Linux mail server for receipt. Even with a static IP and a certificate, some places will bounce your mail if your reverse even looks a little bit generic, and my current ISP will not let me control the reverse. The best they offer is a "BusinessClass" label in the reverse.
As for encryption, there is something to be said for webmail. It's usually all HTTPS, and it's the easiest way to have Mom's mail set up.
I have opportunistic encryption set up on Thunderbird+Enigmail and it really isn't a problem to use. The Setup Wizard will pretty much do the whole thing these days, including setting up a key pair.
No, you are mistaken. I've always had this sig.