Gmail to snitch on unencrypted mail servers

By on
Gmail to snitch on unencrypted mail servers

To encourage further use of SSL/TLS.

Google has tweaked its popular Gmail email service to warn users when messages arrive from plain-text, unencrypted connections, in an effort to protect its customers' communications.

The company said the results of a two-year study by the universities of Michigan and Illinois on how email security has evolved since 2014, using Gmail as a reference point, showed that an much larger number of domains now support inbound encryption - 61 percent sent encrypted emails to Gmail this year, compared to less than a third in 2013.

For outbound messages from Gmail, 80 percent of domains accepted Transport Layer Security-encrypted messages. The study showed that the vast majority, 94 percent, of missives sent to the Google email provider were authenticated in some form to prevent phishing.

Google researchers discovered during the study that some "regions of the internet" were actively preventing message encryption by hindering requests to start Secure Sockets Layer/Transport Layer Security (SSL/TLS) connections.

The study also identified malicious domain name system (DNS) servers that announce false routing information to mail servers looking up the internet protocol (IP) address for Gmail as another security issue.

Such attacks, while rare, are concerning, Google said, as they could allow attackers to censor or alter messages before they're sent onto recipients.

The company will now notify Gmail users of messages that have passed through non-SSL/TLS encrypted servers.

In doing so it hopes to encourage more providers to introduce authentication and encryption of inbound and outbound email to help stave off security threats.

Google isn't alone in focusing on encrypting email traffic. Yahoo started encrypting all email connections in early 2014 by default, covering the open standard internet mail message access protocol v4 (IMAPv4), post office protocol (POP3) and the simple mail transport protocol (SMTP) for relaying messages.

Microsoft followed Yahoo's lead and added SSL/TLS encryption for incoming and outgoing messages the same year.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
email gmail google security ssltls

Most Read Articles

Samsung weighs dropping Bixby as Google dangles new mobile apps deal

Samsung weighs dropping Bixby as Google dangles new mobile apps deal
'Massive messaging storm' takes out Telstra's DNS infrastructure

'Massive messaging storm' takes out Telstra's DNS infrastructure
Travel giant CWT pays $6.3m ransom to cyber criminals

Travel giant CWT pays $6.3m ransom to cyber criminals
Toll Group unveils year-long 'accelerated' cyber resilience program

Toll Group unveils year-long 'accelerated' cyber resilience program
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Government Digital Transformation Requires Customer Obsession
Government Digital Transformation Requires Customer Obsession
Master the fundamentals of AWS cost efficiency
Master the fundamentals of AWS cost efficiency
Get IT, finance and business on the same page
Get IT, finance and business on the same page
Why is DevSecOps important to your business?
Why is DevSecOps important to your business?
Architecting Hybrid IT & Edge for Digital Advantage
Architecting Hybrid IT & Edge for Digital Advantage

Events

Log In

Username / Email:
Password:
  |  Forgot your password?