For snoopers, unencrypted emails are easy pickings, but a new Gmail initiative will help cement email encryption as the standard rather than an exception.
A joint study carried out by staff from the University of Michigan, University of Illinois, and Google, Inc., surfaced two new areas for concern when it comes to email confiendtiality.
In a November 12 blog post, Google staff said they were working closely with industry association M3AAWG to protect against “regions of the Internet” that “actively prevent message encryption.”
And while Gmail-to-Gmail messages are already encrypted by default, the consortium’s paper, An Empirical Analysis of Email Delivery Security, discovered rogue internet servers looking for a way into non-encrypted emails, specifically targeting Gmail.
“To notify our users of potential dangers, we are developing in-product warnings for Gmail users that will display when they receive a message through a non-encrypted connection,” wrote Google’s Anti-Fraud and Abuse Researcher, Elie Bursztein, and colleague Nicolas Lidzborski, the Gmail Security Engineering Lead.
“These warnings will begin to roll-out in the coming months.”
Much improvement has already been seen. The report found that the percentage of encrypted emails sent to Gmail addresses from non-Gmail addresses rose from 33% to 61% between December 2013 and October 2015.
Outbound security has also been on the up, with the use of TLS in messages from Gmail to non-Gmail accounts rising from 60% to 80%; more than 94% of inbound messages to Gmail now carry some form of authentication.