Technology with attitude

Google Planning to Notify Gmail Users when they Receive Unencrypted Mails


When you one your email account to check out what message your friend has sent you, it is possible that you never stop to think about the whereabouts of where this email was sent from and what it has gone through just to reach your inbox.

Despite the huge developments in the current technology that revolves around encryption of messages, there are still quite a number of mail providers that continue to send messages over connections which are not encrypted. In this light of things, Google is planning to start sending its users, notifications whenever they receive an email from an unencrypted source.

More providers now use encrypted messaging

Google has already defaulted to HTTPS standard that indicates one is using an encrypted connection when on Google Search, Drive as well as Gmail. In addition, the search engine giant started using encrypted protocols in its Gmail services last year. Yesterday, the company further revealed that the use of encrypted messaging has increased a lot in the past few years.

According to the Mountain View Company, the number of encrypted messages received via Gmail from other email vendors rose from 33% in 2013 to 61% in 2015. However, since Google has not achieved the 100% target it expects when it comes to receiving encrypted messages, it has resorted to other protective means that will ensure the users stay safe when using this email service.

“While these threats have no effect on Gmail to Gmail interactions, they may have effects on communications between providers”, Elie Bursztein and Nicolas Lidzborski revealed in a post.

Years of research

The above revelations are actually part of a multi-year research that Google has been carrying out on evolution of email security. In the report, Google said that email protection is now at a much better state than it was two years ago. On the contrary, there were some new challenges the study also found out; among them, the idea of some regions actively interfering with encryption of messages by simply tampering with requests made so as to start a secure SSL connection.

Furthermore, Google also revealed that there are malicious DNS servers that publish fake routing info to email servers thus giving attackers room to alter or censor some parts of messages before arriving in your inbox.

On the brighter side, Google revealed that up to 94% of all inbound Gmail emails come with some kind of authentication. Furthermore, the report says that technologies aimed at protecting the users against impersonation and phishing have now become a norm. Google further acknowledges that while it is almost impossible to do away with security threats, continued studies will be very helpful when it comes to better equipping with respect to fighting the threats.

“Security threats will not disappear, but carrying out studies like this one enables the email providers across the industry to be better equipped with more powerful predictions for fighting these threats”, Bursztein and Lidzborski added.