Why TLS is better without STARTTLS A Security Analysis of STARTTLS in the Email Context by Damian Poddebniak¹, Fabian Ising¹, Hanno Böck², and Sebastian Schinzel¹ ¹ Münster University of Applied Sciences ² Independent Researcher Full paper published at USENIX Security 21 Introduction Connections between email clients and servers provide two ways to be protected with TLS: While implicit TLS encrypt