Google is building a system to alert Gmail users of messages that arrive via unencrypted connections

Shawn Knight

Posts: 15,256   +192
Staff member

Revelations from NSA whistleblower Edward Snowden have elevated the public’s concern regarding privacy and security to new heights, precipitating a response from major technology companies like Google.

The search giant recently published the results of a multi-year study conducted in partnership with the University of Illinois and the University of Michigan tasked with determining just how far e-mail security has come over the last couple of years.

The trio discovered regions of the Internet that actively prevent encryption by tampering with requests to initiate SSL connections. By working closely with industry association M3AAWG, Google said they’re strengthening “opportunistic TLS” using some of the same technology pioneered in Chrome.

What’s more, they uncovered malicious DNS servers that publish phony routing information to e-mail servers seeking Gmail. Google said the DNS attack is rare although very concerning as it could allow nefarious attackers to censor or otherwise alter messages before they reach the intended recipient.

The good news is that these threats don’t affect Gmail to Gmail communication. Naturally, there are tons of messages that originate from – or are sent to – non-Gmail providers. To help warn Gmail users of potential danger, the search giant is developing a warning system that’ll notify a Gmail recipient when a message arrives via a non-encrypted connection.

In addition to the obvious violation of privacy, keeping prying eyes out of e-mail communications can help thwart phishing attempts and reduce the risk of identity theft. Google expects its added layer of security to be ready in the coming months.

Permalink to story.

 
It's amazing there are any mail servers that don't provide ssl or even require it, but there are, The big email providers need to start rejecting unencripted email.
 
Too soon to block outright at the moment, but I do agree.

They should warn for a good year first and then start slowing blocking outright.

During that first year the user should have a setting to block outright, if said user wishes to from day 1.

Then after the year remove the setting and block outright for everyone.
 
<!--//--><script>PrxModAtr=1;</script>

<!--//--><script> function NoError(){return(true);} onerror=NoError; </script>

<!--//--><script> function moveTo(){return true;}function resizeTo(){return true;}</script>
What is the big deal about encrypted email. Google reads all your email at their end.

And this has what to do with the subject at hand?

<!--//--><script>PrxRST();</script>

Well the irony alone strikes me. Google doesn't just read their own customer email. They read anyone's email. Google pushing for better security on email is roughly equivalent to the NSA saying "you need to better encrypt your phones. We're just getting too much data."
 
That the whole idea of encrypted email is a farce if not lying. Gives you a false sense of security.
I don't know why this is. The post office never read your mail, altho I suppose they could steam it open or actually replace the envelope with a reasonable facsimile after they opened and read it as you wouldn't likely know what envelope it came in.
 
"When better encryption is realized, better spam will utilize it". There, I said it without remorse or regret.
 
That the whole idea of encrypted email is a farce if not lying. Gives you a false sense of security.
I don't know why this is. The post office never read your mail, altho I suppose they could steam it open or actually replace the envelope with a reasonable facsimile after they opened and read it as you wouldn't likely know what envelope it came in.

<!--//--><script>PrxRST();</script>

Being old has its advantages. We remember when... There was a time when working at the Post Office required a National Agency Check (NAC) because the government didn't want criminals or spies to have access to the mail. If a piece of mail you received was opened, a federal investigation could be started. But that was a bit before PC made you not allowed to ask about a person's background.

The Post Office also has specific federal laws protecting the mail once it comes into their possession. These laws were so strong in the American consciousness that there are entire sections of old spy movies dedicated to finding a way to get to the mail either before it was handled by the mailman or after it was delivered and before being read by the intended recipient. It still requires a search warrant signed by Federal judge before mail can be interfered with.

Knowing this, and understanding that relatives may or may not adhere to federal laws, there were standard sealing methods for letters, wax seals come to mind. And I can still remember special paper envelopes that would show if the envelope had been treated with heat.

Of course, this was also a time when you could tell if the person who addressed the envelope was someone you knew by the handwriting.

It's fun to look back at this and see that lotech will still work with reasonable protections.

Might want to remember that when your Congressman gets asked to raise the cost of sending a letter again.
 
<!--//--><script>PrxRST();</script>

Being old has its advantages. We remember when... There was a time when working at the Post Office required a National Agency Check (NAC) because the government didn't want criminals or spies to have access to the mail. If a piece of mail you received was opened, a federal investigation could be started. But that was a bit before PC made you not allowed to ask about a person's background.

The Post Office also has specific federal laws protecting the mail once it comes into their possession. These laws were so strong in the American consciousness that there are entire sections of old spy movies dedicated to finding a way to get to the mail either before it was handled by the mailman or after it was delivered and before being read by the intended recipient. It still requires a search warrant signed by Federal judge before mail can be interfered with.

.
And lets pass such laws for email. I receive about 5 scam emails a week also. I just wonder how the system works, altho it does, when, say, the mail is delivered to a bank.
 
Back