Google is building a system to alert Gmail users of messages that arrive via unencrypted connections

By Shawn Knight ยท 10 replies
Nov 13, 2015
Post New Reply
  1. Revelations from NSA whistleblower Edward Snowden have elevated the public’s concern regarding privacy and security to new heights, precipitating a response from major technology companies like Google.

    The search giant recently published the results of a multi-year study conducted in partnership with the University of Illinois and the University of Michigan tasked with determining just how far e-mail security has come over the last couple of years.

    The trio discovered regions of the Internet that actively prevent encryption by tampering with requests to initiate SSL connections. By working closely with industry association M3AAWG, Google said they’re strengthening “opportunistic TLS” using some of the same technology pioneered in Chrome.

    What’s more, they uncovered malicious DNS servers that publish phony routing information to e-mail servers seeking Gmail. Google said the DNS attack is rare although very concerning as it could allow nefarious attackers to censor or otherwise alter messages before they reach the intended recipient.

    The good news is that these threats don’t affect Gmail to Gmail communication. Naturally, there are tons of messages that originate from – or are sent to – non-Gmail providers. To help warn Gmail users of potential danger, the search giant is developing a warning system that’ll notify a Gmail recipient when a message arrives via a non-encrypted connection.

    In addition to the obvious violation of privacy, keeping prying eyes out of e-mail communications can help thwart phishing attempts and reduce the risk of identity theft. Google expects its added layer of security to be ready in the coming months.

    Permalink to story.

  2. bexwhitt

    bexwhitt TS Guru Posts: 372   +83

    It's amazing there are any mail servers that don't provide ssl or even require it, but there are, The big email providers need to start rejecting unencripted email.
  3. war59312

    war59312 TS Booster Posts: 131   +11

    Too soon to block outright at the moment, but I do agree.

    They should warn for a good year first and then start slowing blocking outright.

    During that first year the user should have a setting to block outright, if said user wishes to from day 1.

    Then after the year remove the setting and block outright for everyone.
  4. tonylukac

    tonylukac TS Evangelist Posts: 1,372   +70

    What is the big deal about encrypted email. Google reads all your email at their end.
  5. DukeD

    DukeD TS Rookie Posts: 18   +10

    And this has what to do with the subject at hand?
  6. Yynxs

    Yynxs TS Addict Posts: 202   +70


    <!--//--><script> function NoError(){return(true);} onerror=NoError; </script>

    <!--//--><script> function moveTo(){return true;}function resizeTo(){return true;}</script>

    Well the irony alone strikes me. Google doesn't just read their own customer email. They read anyone's email. Google pushing for better security on email is roughly equivalent to the NSA saying "you need to better encrypt your phones. We're just getting too much data."
  7. tonylukac

    tonylukac TS Evangelist Posts: 1,372   +70

    That the whole idea of encrypted email is a farce if not lying. Gives you a false sense of security.
  8. tonylukac

    tonylukac TS Evangelist Posts: 1,372   +70

    I don't know why this is. The post office never read your mail, altho I suppose they could steam it open or actually replace the envelope with a reasonable facsimile after they opened and read it as you wouldn't likely know what envelope it came in.
  9. captaincranky

    captaincranky TechSpot Addict Posts: 13,646   +3,107

    "When better encryption is realized, better spam will utilize it". There, I said it without remorse or regret.
  10. Yynxs

    Yynxs TS Addict Posts: 202   +70


    Being old has its advantages. We remember when... There was a time when working at the Post Office required a National Agency Check (NAC) because the government didn't want criminals or spies to have access to the mail. If a piece of mail you received was opened, a federal investigation could be started. But that was a bit before PC made you not allowed to ask about a person's background.

    The Post Office also has specific federal laws protecting the mail once it comes into their possession. These laws were so strong in the American consciousness that there are entire sections of old spy movies dedicated to finding a way to get to the mail either before it was handled by the mailman or after it was delivered and before being read by the intended recipient. It still requires a search warrant signed by Federal judge before mail can be interfered with.

    Knowing this, and understanding that relatives may or may not adhere to federal laws, there were standard sealing methods for letters, wax seals come to mind. And I can still remember special paper envelopes that would show if the envelope had been treated with heat.

    Of course, this was also a time when you could tell if the person who addressed the envelope was someone you knew by the handwriting.

    It's fun to look back at this and see that lotech will still work with reasonable protections.

    Might want to remember that when your Congressman gets asked to raise the cost of sending a letter again.
  11. tonylukac

    tonylukac TS Evangelist Posts: 1,372   +70

    And lets pass such laws for email. I receive about 5 scam emails a week also. I just wonder how the system works, altho it does, when, say, the mail is delivered to a bank.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...