Google launches encrypted email initiative

By on
Google launches encrypted email initiative

Reveals domains that send unencrypted messages.

Google will begin publishing details of the proportion of encrypted emails transmitted to and from its Gmail service, including naming the domains that it communicates with, as part of its 'Transparency Report' privacy initiative.

Called Safer Email, the project aims to encourage email providers to encrypt messages by default, instead of sending them in clear text across the internet.

Unencrypted messages "are as open to snoopers as a postcard in the mail" the company said. 

Email is increasingly being used to transmit sensitive data containing personal and financial information, as well as being utilised for two-factor authentication challenges for additional security.

Sending such messages in clear text creates "a prime target for eavesdropping and mass interception as they cross dozens of optical fibres and routers," Google noted.

Currently, 69 percent of messages sent via Gmail to other providers are encrypted, according to Google data. For received emails, the percentage is far lower at 48 percent.

This roughly mirrors the findings of a Facebook survey in May this year of mail exchangers either requiring or optionally offering the STARTTLS command, which kicks off encrypted communications between servers.

For Australia and New Zealand, the percentage of domains encrypting messages transmitted to and from Gmail varies, with some of the larger domains not encrypting at all, according to Google's figures.

The data behind Google's Safer Email project is available in spreadsheet form. This includes a list of domains that exchange messages with Gmail and the percentage of which are encrypted, with 7160 entries so far.

Message recipients are counted in the data. Simple Mail Transfer Protocol (SMTP) connections, or emails flagged as spam, are not.

Google is also working on a separate per-message public key encryption feature. The end-to-end Chrome extension uses OpenPGP and lets users encrypt, digitally sign and verify signatures in the browser.

End-to-End uses one passphrase per key ring, not per key, so as to minimise the number of passwords to remember. It will encrypt the body of the message but not attachments, email subject lines or the list of recipients.

Currently in an early beta, Google said End-to-End won’t be released to the Chrome Web Store until the extension has been fully tested by the developed community.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © . All rights reserved.

Most Read Articles

Log In

  |  Forgot your password?