Gmail to snitch on unencrypted mail servers

By on
Gmail to snitch on unencrypted mail servers

To encourage further use of SSL/TLS.

Google has tweaked its popular Gmail email service to warn users when messages arrive from plain-text, unencrypted connections, in an effort to protect its customers' communications.

The company said the results of a two-year study by the universities of Michigan and Illinois on how email security has evolved since 2014, using Gmail as a reference point, showed that an much larger number of domains now support inbound encryption - 61 percent sent encrypted emails to Gmail this year, compared to less than a third in 2013.

For outbound messages from Gmail, 80 percent of domains accepted Transport Layer Security-encrypted messages. The study showed that the vast majority, 94 percent, of missives sent to the Google email provider were authenticated in some form to prevent phishing.

Google researchers discovered during the study that some "regions of the internet" were actively preventing message encryption by hindering requests to start Secure Sockets Layer/Transport Layer Security (SSL/TLS) connections.

The study also identified malicious domain name system (DNS) servers that announce false routing information to mail servers looking up the internet protocol (IP) address for Gmail as another security issue.

Such attacks, while rare, are concerning, Google said, as they could allow attackers to censor or alter messages before they're sent onto recipients.

The company will now notify Gmail users of messages that have passed through non-SSL/TLS encrypted servers.

In doing so it hopes to encourage more providers to introduce authentication and encryption of inbound and outbound email to help stave off security threats.

Google isn't alone in focusing on encrypting email traffic. Yahoo started encrypting all email connections in early 2014 by default, covering the open standard internet mail message access protocol v4 (IMAPv4), post office protocol (POP3) and the simple mail transport protocol (SMTP) for relaying messages.

Microsoft followed Yahoo's lead and added SSL/TLS encryption for incoming and outgoing messages the same year.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
email gmail google security ssltls

Sponsored Whitepapers

Five questions to ask before you upgrade to a SIEM solution
Five questions to ask before you upgrade to a SIEM solution
Effectively addressing advanced threats
Effectively addressing advanced threats
The risky business of open source
The risky business of open source
Ensure your e-signatures are legally binding
Ensure your e-signatures are legally binding
Mitigating open source risk in your organisation
Mitigating open source risk in your organisation

Events

Most Read Articles

Telstra blasts plan to 'set aside' mobile spectrum for Optus and TPG, but not it

Telstra blasts plan to 'set aside' mobile spectrum for Optus and TPG, but not it
Australia Post is building a digital twin of its delivery network

Australia Post is building a digital twin of its delivery network
Trump pardons former Google self-driving car engineer

Trump pardons former Google self-driving car engineer
Defence switches on initial SAP ERP system capability

Defence switches on initial SAP ERP system capability
You must be a registered member of iTnews to post a comment.
| Register

Log In

Username / Email:
Password:
  |  Forgot your password?