Gmail to snitch on unencrypted mail servers

By on
Gmail to snitch on unencrypted mail servers

To encourage further use of SSL/TLS.

Google has tweaked its popular Gmail email service to warn users when messages arrive from plain-text, unencrypted connections, in an effort to protect its customers' communications.

The company said the results of a two-year study by the universities of Michigan and Illinois on how email security has evolved since 2014, using Gmail as a reference point, showed that an much larger number of domains now support inbound encryption - 61 percent sent encrypted emails to Gmail this year, compared to less than a third in 2013.

For outbound messages from Gmail, 80 percent of domains accepted Transport Layer Security-encrypted messages. The study showed that the vast majority, 94 percent, of missives sent to the Google email provider were authenticated in some form to prevent phishing.

Google researchers discovered during the study that some "regions of the internet" were actively preventing message encryption by hindering requests to start Secure Sockets Layer/Transport Layer Security (SSL/TLS) connections.

The study also identified malicious domain name system (DNS) servers that announce false routing information to mail servers looking up the internet protocol (IP) address for Gmail as another security issue.

Such attacks, while rare, are concerning, Google said, as they could allow attackers to censor or alter messages before they're sent onto recipients.

The company will now notify Gmail users of messages that have passed through non-SSL/TLS encrypted servers.

In doing so it hopes to encourage more providers to introduce authentication and encryption of inbound and outbound email to help stave off security threats.

Google isn't alone in focusing on encrypting email traffic. Yahoo started encrypting all email connections in early 2014 by default, covering the open standard internet mail message access protocol v4 (IMAPv4), post office protocol (POP3) and the simple mail transport protocol (SMTP) for relaying messages.

Microsoft followed Yahoo's lead and added SSL/TLS encryption for incoming and outgoing messages the same year.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
email gmail google security ssltls
In Partnership With

Most Read Articles

Centrelink loses welfare payments overhaul chief

Centrelink loses welfare payments overhaul chief
NBN Co limits gigabit services to just 7 percent of HFC footprint

NBN Co limits gigabit services to just 7 percent of HFC footprint
Aussie Broadband signs 2300 users to cheaper gigabit NBN plans

Aussie Broadband signs 2300 users to cheaper gigabit NBN plans
Aussie Broadband to offer 'best effort' gigabit NBN plans for $149

Aussie Broadband to offer 'best effort' gigabit NBN plans for $149
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Why is DevSecOps important to your business?
Why is DevSecOps important to your business?
Architecting Hybrid IT & Edge for Digital Advantage
Architecting Hybrid IT & Edge for Digital Advantage
Organizations Increasing Their Adoption of NFV
Organizations Increasing Their Adoption of NFV
Modernise IT by Reducing Your Reliance on AD
Modernise IT by Reducing Your Reliance on AD
The Maturity of Zero Trust in Australia and New Zealand
The Maturity of Zero Trust in Australia and New Zealand

Events

Log In

Username / Email:
Password:
  |  Forgot your password?