More dirty work
https://www.eff.org/deeplinks/2014/11/starttls-downgrade-attacksRecently, Verizon was caught tampering with its customer's web requests to inject a tracking super-cookie. Another network-tampering threat to user safety has come to light from other providers: email encryption downgrade attacks. In recent months, researchers have reported ISPs in the US and Thailand intercepting their customers' data to strip a security flag—called STARTTLS—from email traffic. The STARTTLS flag is an essential security and privacy protection used by an email server to request encryption when talking to another server or client.1
By stripping out this flag, these ISPs prevent the email servers from successfully encrypting their conversation, and by default the servers will proceed to send email unencrypted. Some firewalls, including Cisco's PIX/ASA firewall do this in order to monitor for spam originating from within their network and prevent it from being sent. Unfortunately, this causes collateral damage: the sending server will proceed to transmit plaintext email over the public Internet, where it is subject to eavesdropping and interception.
This type of STARTTLS stripping attack has mostly gone unnoticed because it tends to be applied to residential networks, where it is uncommon to run an email server.
I would suggest these companies have been ordered to do this simply to read the "To" and "cc" fields of these emails, unfortunately in this case this attack leaves the whole of the email unencrypted, the NSA is pretty much desperate to read anything sent across the US and will use any trick to facilitate this activity.
What types of email encryption similar to this are about for folks to use while this particular vector is insecure ?
I notice that the EFF has a helpful page regarding the security of many messaging systems.
https://www.eff.org/secure-messaging-scorecard Pidgen with OTR is what I myself use instead of email and according to the EFF list thats a wise decision
