Gmail has your back, will warn you if you click on a link to a malicious site

Not too many years ago, you sent and received emails without thinking too much about security. That has changed over the past few years as hackers have become more sophisticated, and as the government’s snooping on you was exposed by Edward Snowden.

We’re in the era of the hack, and with an increasing number of data breaches, it can be important to take the appropriate steps to be as safe as possible online. These days, most emails are secured using encryption, which is a method of hiding your information behind passwords. Google has been ramping up its use of encryption on its Gmail service.

Gmail will now warn users when they’re exchanging email with someone whose email provider doesn’t support server-to-server message encryption, i.e. if a message that you’ve been sent can’t be properly authenticated with Sender Policy Framework (SPF) or DKIM, Google announced this week.


SPF is basically a way for spam messages to be identified and recorded, so that in the future you and others will be warned if another email comes from the same person. If you’re a business owner with Google Apps, you can create an SPF record that identifies the mail servers that are authorized for your domain.

DKIM, on the other hand, involves you adding a digital signature to your messages with the DKIM standard. This signature then tells the server to encrypt outgoing mail, after which a public key can be used to decrypt the email once it has arrived at its destination.

“If you receive a message that can’t be authenticated, you’ll see a question mark in place of the sender’s profile photo, corporate logo, or avatar,” according to Google’s blog post.


In that case, Gmail will now warn users with a broken lock icon, similar to what’s used in Chrome and other browsers to indicate an insecure connection. The company said in 2014 that about 40 to 50 percent of emails between Gmail and other providers weren’t encrypted.
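The two indicators described above can be approximated from a received message's own headers. The following is an added example, not Google's code or logic: it assumes your receiving server writes an `Authentication-Results` header (RFC 8601) and that the topmost `Received` header is the one it added for the inbound hop; the host names, sample message and function names are constructed.

```python
import email
import re
from email import policy

# Constructed sample (not real mail); hosts use reserved example domains.
SAMPLE = """\
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=sender.example;
 dkim=fail header.d=sender.example
Received: from out.sender.example (out.sender.example [192.0.2.10])
 by mx.example.net with ESMTP id abc123;
 Tue, 09 Feb 2016 10:00:00 +0000
From: Alice <alice@sender.example>
Subject: constructed test message

body
"""
# Same message, but the results header names a server we do not run and the
# final hop was received over STARTTLS (ESMTPS).
FORGED = SAMPLE.replace("mx.example.net;", "other.example;", 1).replace(
    "with ESMTP id", "with ESMTPS id")

def auth_results(msg, trusted_authserv):
    """Collect spf/dkim results, only from headers written by our own receiver."""
    found = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = str(header).partition(";")
        ident = authserv.split()[0].lower() if authserv.strip() else ""
        if ident != trusted_authserv.lower():
            continue  # a sender can prepend its own header; do not trust it
        for method, result in re.findall(r"\b(spf|dkim)=(\w+)", rest, re.I):
            found.setdefault(method.lower(), set()).add(result.lower())
    return found

def last_hop_used_tls(msg):
    """True if the topmost Received header records ESMTPS/ESMTPSA (RFC 3848)."""
    hops = msg.get_all("Received", [])
    return bool(hops) and re.search(r"\bwith\s+ESMTPSA?\b", str(hops[0]), re.I) is not None

def indicators(raw, trusted_authserv):
    """Map one raw message to the two warnings described in the article."""
    msg = email.message_from_string(raw, policy=policy.default)
    res = auth_results(msg, trusted_authserv)
    authenticated = any("pass" in res.get(m, ()) for m in ("spf", "dkim"))
    return {"question_mark": not authenticated,
            "broken_lock": not last_hop_used_tls(msg)}

if __name__ == "__main__":
    print(indicators(SAMPLE, "mx.example.net"))
    print(indicators(FORGED, "mx.example.net"))
```

The second sample shows why the server identifier matters: an `Authentication-Results` header claiming a pass is ignored unless it was written by the receiver you trust.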

The second step that Google is taking to make Gmail safer is that on the desktop version of Gmail, if you get an email that has a link to a known dangerous website, you’ll see warnings when you click on the link and before you’re taken to the link address.

 

This warning follows a multiyear study by Google, the University of Michigan and the University of Illinois. They found some good news related to email security. Notably, 61% of non-Gmail emails coming into Gmail are encrypted, up from 33% two years ago.

Gmail has security features, too. For example, Gmail defaults to using HTTPS, which encrypts your messages.

Still, Google and the universities found that, while most emails are encrypted, there are areas of the “Internet actively preventing message encryption by tampering with requests to initiate SSL connections.” SSL connections are used to establish encrypted links between a Web browser and a server.

Google also said they found malicious servers that create fake routing information to email servers that were trying to connect with Gmail. Attackers could intercept your emails and change them. Google says this kind of attack is rare, but still a concern.

Google’s upcoming warning system will alert Gmail users if messages arrive over a non-encrypted connection. That warning system will roll out over the next few months.
