Not too many years ago, you sent and received emails without thinking too much about security. That has changed over the past few years as hackers have become more sophisticated, and as the government’s snooping on you was exposed by Edward Snowden.
We’re in the era of the hack, and with an increasing number of data breaches, it can be important to take the appropriate steps to be as safe as possible online. These days, most emails are secured using encryption, which is a method of hiding your information behind passwords. Google has been ramping up its use of encryption on its Gmail service.
Gmail will now warn users when they’re exchanging email with someone whose email provider doesn’t support server-to-server message encryption, i.e., if a message that you’ve been sent can’t be properly authenticated with Sender Policy Framework (SPF) or DKIM, Google announced this week.
SPF is basically a way for spam messages to be identified and recorded, so that in the future you and others will be warned if another email comes from the same person. If you’re a business owner with Google Apps, you can create an SPF record that identifies the mail servers that are authorized for your domain.
DKIM, on the other hand, involves you adding a digital signature to your messages with the DKIM standard. This signature then tells the server to encrypt outgoing mail, after which a public key can be used to decrypt the email once it has arrived at its destination.
“If you receive a message that can’t be authenticated, you’ll see a question mark in place of the sender’s profile photo, corporate logo, or avatar,” according to Google’s blog post.
In that case, Gmail will now warn users with a broken lock icon, similar to what’s used in Chrome and other browsers to indicate an insecure connection. The company said in 2014 that about 40 to 50 percent of emails between Gmail and other providers weren’t encrypted.
The second step that Google is taking to make Gmail safer is that on the desktop version of Gmail, if you get an email that has a link to a known dangerous website, you’ll see warnings when you click on the link and before you’re taken to the link address.
This warning follows a multiyear study by Google, the University of Michigan and the University of Illinois. They found some good news related to email security. Notably, 61% of non-Gmail emails coming into Gmail are encrypted, up from 33% two years ago.
Gmail has security features, too. For example, Gmail defaults to using HTTPS, which encrypts your messages.
Still, Google and the universities found that, while most emails are encrypted, there are areas of the “Internet actively preventing message encryption by tampering with requests to initiate SSL connections.” SSL connections are used to establish encrypted links between a Web browser and a server.
Google also said they found malicious servers that create fake routing information to email servers that were trying to connect with Gmail. Attackers could intercept your emails and change them. Google says this kind of attack is rare, but still a concern.
Google’s upcoming warning system will alert Gmail users if messages come from a non-encrypted connection. That warning system will roll out over the next few months.