Tech giant Google is working hard to make your e-mail more secure as part of its Safer Internet Day festivities. The company is kicking encryption up a notch by making it automatic whenever possible.
Google’s goal is to ensure that when you send an e-mail message to a friend or colleague the intended recipient is the only one who ever sees it. But here’s the challenge: There are potentially many unauthorized eyes that would love to read your e-mail as it travels from your desktop, smartphone, laptop or tablet to their computing devices.
“Gmail has always supported encryption in transit using TLS, and will automatically encrypt your incoming and outgoing e-mails if it can,” said Google product manager John Rae-Grant, in a post on Google’s official blog. “We support industry-standard authentication to help combat e-mail impersonation.”
Two New Warnings
Encryption with the industry standard Transport Layer Security (TSL) keeps prying eyes away from your messages while they’re in transit, according to Google. TLS is a protocol that encrypts and delivers mail securely, for both inbound and outbound mail traffic.
Google has long encrypted e-mails — encoded them to deny the message content to any interceptors — as they’re routed from senders to receivers. The idea is to combat snooping by cybercriminals or government surveillance efforts. If an encrypted message is cracked, it only reveals what’s called cyphertext that has to be decrypted. But Google is taking additional steps to secure your e-mails. Starting now, if you use Web-based Gmail you could see one of two messages from Google.
“If you receive a message from, or are about to send a message to, someone whose e-mail service doesn’t support TLS encryption, you’ll see a broken lock icon in the message,” Rae-Grant said. “If you receive a message that can’t be authenticated, you’ll see a question mark in place of the sender’s profile photo, corporate logo, or avatar.”
Why TLS Is Important
However, Rae-Grant pointed out that just because you get an alert doesn’t mean that the e-mail is dangerous by default. It just means Google wants you to be extra careful about replying to e-mails or clicking on Web links in messages from people you don’t know. With the encryption updates, Google is offering tools that help you make decisions about what to open and what not to open.
“And there are tons of other security measures running behind the scenes to keep your e-mail safe,” Rae-Grant said. “Of course, it takes at least two people to send and receive an e-mail, so it’s really important that other services take similar measures to protect your messages — not just Gmail. Unfortunately, not all e-mail services do.”
Although incoming Gmail messages are protected, most of the SMTP servers that other companies use to send and relay e-mail aren’t using the industry standard TLS, leaving users at greater risk, according to a Google study in partnership with the University of Michigan and the University of Illinois at Urbana Champaign.
Insafe, Europe’s network of organizations focused on protecting safe and responsible online access for children and young people, organizes Safer Internet Day every February to promote safer and more responsible online and mobile device use.
