Gmail to snitch on unencrypted mail servers

To encourage further use of SSL/TLS.

Google has tweaked its popular Gmail email service to warn users when messages arrive from plain-text, unencrypted connections, in an effort to protect its customers' communications.

The company said the results of a two-year study by the universities of Michigan and Illinois on how email security has evolved since 2014, using Gmail as a reference point, showed that a much larger number of domains now support inbound encryption: 61 percent sent encrypted emails to Gmail this year, compared to less than a third in 2013.

For outbound messages from Gmail, 80 percent of domains accepted Transport Layer Security-encrypted messages. The study showed that the vast majority, 94 percent, of missives sent to the Google email provider were authenticated in some form to prevent phishing.

Google researchers discovered during the study that some "regions of the internet" were actively preventing message encryption by hindering requests to start Secure Sockets Layer/Transport Layer Security (SSL/TLS) connections.

The study also identified another security issue: malicious domain name system (DNS) servers that announce false routing information to mail servers looking up the internet protocol (IP) address for Gmail.

Such attacks, while rare, are concerning, Google said, as they could allow attackers to censor or alter messages before they're sent on to recipients.

The company will now notify Gmail users of messages that have passed through non-SSL/TLS encrypted servers.

In doing so it hopes to encourage more providers to introduce authentication and encryption of inbound and outbound email to help stave off security threats.

Google isn't alone in focusing on encrypting email traffic. Yahoo started encrypting all email connections by default in early 2014, covering the open standard internet message access protocol v4 (IMAPv4), post office protocol (POP3) and the simple mail transfer protocol (SMTP) for relaying messages.

Microsoft followed Yahoo's lead and added SSL/TLS encryption for incoming and outgoing messages the same year.
