Gmail to snitch on unencrypted mail servers

By on
Gmail to snitch on unencrypted mail servers

To encourage further use of SSL/TLS.

Google has tweaked its popular Gmail email service to warn users when messages arrive from plain-text, unencrypted connections, in an effort to protect its customers' communications.

The company said the results of a two-year study by the universities of Michigan and Illinois on how email security has evolved since 2014, using Gmail as a reference point, showed that an much larger number of domains now support inbound encryption - 61 percent sent encrypted emails to Gmail this year, compared to less than a third in 2013.

For outbound messages from Gmail, 80 percent of domains accepted Transport Layer Security-encrypted messages. The study showed that the vast majority, 94 percent, of missives sent to the Google email provider were authenticated in some form to prevent phishing.

Google researchers discovered during the study that some "regions of the internet" were actively preventing message encryption by hindering requests to start Secure Sockets Layer/Transport Layer Security (SSL/TLS) connections.

The study also identified malicious domain name system (DNS) servers that announce false routing information to mail servers looking up the internet protocol (IP) address for Gmail as another security issue.

Such attacks, while rare, are concerning, Google said, as they could allow attackers to censor or alter messages before they're sent onto recipients.

The company will now notify Gmail users of messages that have passed through non-SSL/TLS encrypted servers.

In doing so it hopes to encourage more providers to introduce authentication and encryption of inbound and outbound email to help stave off security threats.

Google isn't alone in focusing on encrypting email traffic. Yahoo started encrypting all email connections in early 2014 by default, covering the open standard internet mail message access protocol v4 (IMAPv4), post office protocol (POP3) and the simple mail transport protocol (SMTP) for relaying messages.

Microsoft followed Yahoo's lead and added SSL/TLS encryption for incoming and outgoing messages the same year.

Copyright © iTnews.com.au . All rights reserved.
Tags:
email gmail google security ssltls

Most Read Articles

Petya damage to TNT Express systems is likely permanent

Petya damage to TNT Express systems is likely permanent
Meet WooliesX, the new digital arm of Woolworths

Meet WooliesX, the new digital arm of Woolworths
AWS warns users about open S3 buckets

AWS warns users about open S3 buckets
Why you should care about the govt's encryption crackdown

Why you should care about the govt's encryption crackdown
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Optimising Enterprise Data Centres for the Cloud
Optimising Enterprise Data Centres for the Cloud
Growing companies have a growing interest in technology
Growing companies have a growing interest in technology
RSA NetWitness® Endpoint. Respond 3X Faster to Threats
RSA NetWitness® Endpoint. Respond 3X Faster to Threats
Building platforms for future health and education
Building platforms for future health and education
Breach Level Index Report
Breach Level Index Report

Events

Log In

Username:
Password:
|  Forgot your password?