Google celebrated Safer Internet Day on Feb. 9 by making a practical stand against unsecured email. The company announced on its Official Gmail Blog that it was making changes to Gmail that make the use of an unsecured connection in mail explicit. And since Gmail passed 1 billion users recently, this move affects an awful lot of email.
Unsecured Email Marking
The new changes will show if a user receives email from, or sends email to, a service that does not support transport layer security (TLS) encryption. Gmail will now display a broken lock in the affected message at the top right corner.
Gmail has a long history of using TLS for encryption in transit, but if the receiving end does not use it, too, then it is not effective. According to TechCrunch, Google said last year that 57 percent of messages sent to Gmail users are encrypted, compared to 81 percent of outgoing messages from Gmail.
The Authentication Process
If a message can’t be authenticated by Google, it will display a question mark in place of the user’s photo or icon. This alerts a user that the message has a higher possibility of being of questionable origin.
However, “authentication by itself is not enough to guarantee your messages can be delivered, as spammers can also authenticate mail,” Google noted. “Similarly, the fact that a message is unauthenticated isn’t enough to classify it as spam because some senders don’t authenticate their mail or because authentication breaks in some cases (for example, when messages are sent to mailing lists).”
Google also warned that if a user receives a message from a major entity, such as a financial institution or an email provider such as Yahoo or Hotmail, and it isn’t authenticated, the message is most likely forged. That signals that one should be careful about replying to it or opening any attachments. The idea here is that phishing emails generally have certain characteristics, and not being authenticated is one of them.
Ultimately, this authentication is a warning but not a deal breaker when it comes to email; there can be false positives and false negatives. But adding these tools to an email system such as Gmail allows the messages that don’t play by the rules stand out. Hopefully, this adds to a user’s security awareness.