January 23rd, 2026
Back in March of 2025, I first did a quick check of
which web sites use
post-quantum cryptography, with an update in September. This
looked at the use of the post-quantum / traditional
(PQ/T) hybrid TLS 1.3 key exchange X25519MLKEM768 for web traffic.
But there's more to the internet than just web traffic, and given that we now have PQC support in most widely used libraries and toolkits, I thought it'd be useful to check the current state of quantum-safety in other applications.
Having X25519MLKEM768
support in TLS means that any application
layer protocol that uses TLS can, at least in theory,
already be as quantum-safe as HTTPS. And one of the
most widely used services on the internet besides
HTTPS is the Simple Mail Transfer Protocol (SMTP) --
email.
Now it's true that SMTP by and large uses only
opportunistic encryption via STARTTLS,
but support for that is pretty widespread, and,
conveniently, easy enough to test. All we have to do is use
our OpenSSL swiss-army knife s_client and check that we can
establish a connection using the hybrid key
group:
    $ openssl s_client -tls1_3 -groups X25519MLKEM768 -starttls smtp -connect mx.example.com:25
    Connecting to 2001:db8::9803:d206:205e:5148
    CONNECTED(00000005)
    [...]
    New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
    [...]
    ---
    250 STARTTLS
Easy enough! So I went ahead and pulled down the latest Tranco Top1M Domains list, looked up each domain's respective MX records, and counted how many allow a PQC key exchange for SMTP STARTTLS.
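The procedure above (resolve a domain's MX records, then run s_client against each host with the group list restricted to X25519MLKEM768) is easy to script. The following is an added example, not code from the original post. It assumes an OpenSSL build that knows X25519MLKEM768 (3.5 or later), dig from the BIND utilities, and outbound access to port 25. It runs s_client twice per host, once with the default groups and once restricted to the hybrid group, so it can tell "no TLS 1.3 at all" apart from "TLS 1.3 but no PQ group"; the decision rests on whether the restricted handshake completed, since a server can only select a group the client offered.

```sh
#!/bin/sh
# Added example: probe a domain's MX hosts for the X25519MLKEM768 hybrid key
# exchange over SMTP STARTTLS. Assumes OpenSSL 3.5+ (ML-KEM support), dig, and
# network access to port 25. Not part of the original post.

# handshake_ok: read s_client output on stdin and succeed if a TLS 1.3 session
# was established. On failure s_client prints "New, (NONE), Cipher is (NONE)",
# so matching the TLSv1.3 line is sufficient. With -groups restricted to a
# single group, a completed handshake means the server accepted that group.
handshake_ok() {
    grep -q '^New, TLSv1\.3, Cipher is '
}

# classify DEFAULT_OUT PQ_OUT: print one of
#   pq        TLS 1.3 with X25519MLKEM768 works
#   no-pq     TLS 1.3 works with default groups, but not with the hybrid group only
#   no-tls13  no TLS 1.3 session at all (no STARTTLS, older TLS, or connect failure)
classify() {
    if printf '%s\n' "$2" | handshake_ok; then
        echo pq
    elif printf '%s\n' "$1" | handshake_ok; then
        echo no-pq
    else
        echo no-tls13
    fi
}

# probe HOST: run the two s_client handshakes against HOST:25 and classify.
# stdin is /dev/null so s_client exits right after the handshake.
probe() {
    host=$1
    def=$(openssl s_client -tls1_3 -starttls smtp \
            -connect "$host:25" </dev/null 2>/dev/null)
    pq=$(openssl s_client -tls1_3 -groups X25519MLKEM768 -starttls smtp \
            -connect "$host:25" </dev/null 2>/dev/null)
    printf '%s %s\n' "$host" "$(classify "$def" "$pq")"
}

# mx_hosts DOMAIN: print the domain's MX hostnames, lowest preference first,
# with the trailing dot stripped. A domain with no MX record falls back to the
# domain itself (the implicit-MX rule of RFC 5321).
mx_hosts() {
    hosts=$(dig +short MX "$1" | sort -n | awk '{ sub(/\.$/, "", $2); print $2 }')
    if [ -n "$hosts" ]; then
        printf '%s\n' "$hosts"
    else
        printf '%s\n' "$1"
    fi
}

# Usage: sh pqsmtp.sh example.com
if [ -n "$1" ]; then
    for h in $(mx_hosts "$1"); do
        probe "$h"
    done
fi
```

A "pq" result only says that the receiving MX accepts the hybrid group when a client offers it; because STARTTLS is opportunistic, whether a given message actually gets that protection still depends on the sending MTA offering the group and on the usual STARTTLS-stripping concerns that MTA-STS or DANE exist to address.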
Mail Servers supporting PQC
As I had noticed back in
2023, the majority of all domains' MX servers
ultimately break down into a comparatively small
number of service providers. Specifically, for the 1
million second-level domains I looked at, there were
only a total of 367,190 mail servers. Out of those,
only 965 mail servers supported X25519MLKEM768.
That's right: only 0.26% of mail servers support PQC for STARTTLS as of January 2026. Now granted, these 965 mail servers are responsible for almost 14% (~138K) of the top one million domains, but it's still a very small number.
What's more, there really are only three large email providers who have enabled PQC for SMTP STARTTLS so far. They are:
- Google, with 84 individual SMTP servers responsible for over 137K second-level domains (including, obviously, Gmail)
- Yahoo, with 14 individual SMTP servers responsible for about 257 second-level domains (including, obviously, yahoo.com)
- seznam.cz, a Czech service provider with 509 individual SMTP servers responsible for about 252 second-level domains
All other PQC enabled SMTP servers are, effectively,
one-offs, responsible for individual domains (e.g.,
University of Vienna's univie.ac.at) or
somebody running their own mail server on, e.g.,
Hetzner, OVHCloud, or Linode.
None of the other major email providers, such as
GoDaddy Hosted Mail (secureserver.net, covering at
least 4871 domains in the Top1M), Namecheap (registrar-servers.com, 7313
domains), or Microsoft (outlook.com, serving over 105K
domains!), seem to have enabled PQC yet.
Looks like we have a long way to go before PQC protects your emails in transit. Maybe talk to your email service provider and ask them to enable hybrid key exchange in STARTTLS.