Gmail to alert users to unsecured or unauthenticated email messages


Gmail will now alert users to unsecured or unauthenticated email messages, as Google marks Safer Internet Day by ratcheting up the security of its popular email service, according to an announcement on the official Google blog.

"Today, we're introducing changes in Gmail on the Web to let people know when a received message was not encrypted, if you're composing a message to a recipient whose email service doesn't support TLS encryption, or when the sender's domain couldn't be authenticated," wrote Gerhard Eschelbeck, the vice president of security and privacy at Google.

The change means that email messages sent to an email server that doesn't support TLS encryption will display an image of a broken lock icon, while received messages that can't be authenticated will display a question mark in place of a profile photo or logo.

Sender Policy Framework and DomainKeys Identified Mail are two technologies designed specifically to combat the inherent trust of the SMTP protocol used to send emails. While typically used by spam filters to score the likelihood of an email message being spam, the move to integrate them into Gmail will be great in the battle against phishing, and will hopefully encourage other large email providers to do the same.

For now, we couldn't find both features when we checked before going to press. Google is presumably in the process of rolling out the feature to users around the world, so keep an eye out for it.

For more:
- check out this blog Google
- check out this article at ZDNet

Related Articles:
Google Chrome to issue alert about non-secure sites
Chrome 46 loosens up on mixed content warnings
Serious FREAK flaw renders Android, iOS devices vulnerable to HTTPS snooping