Gmail will soon alert you if you receive unencrypted emails
Nov 17 2015
A bug has been discovered in the official Gmail app for Android which lets you spoof your email address to anything you want, fooling others that they have received an email from someone else instead of you.
"To notify our users of potential dangers, we are developing in-product warnings for Gmail users that will display when they receive a message through a non-encrypted connection", Elie Bursztein and Nicolas Lidzborski of the Gmail security team noted in a blog post, according to PCMagazine.
These warnings will start in the coming months. The new feature is part of Google's efforts to ramp up the security, which is also the heart of its Safer Email Transparency report, which analyses email security beyond Gmail servers.
The study, in partnership with the University of MI and the University of IL, reveals that overall email security is better than it was two years ago.
These threats have led Gmail to work on a warning system that alerts users when they receive unencrypted mail.
Google announced the new feature along with results of a multi-year study that measured the evolution of email security. While Google researchers found that the measures that ensure user privacy in emails have vastly improved, new "challenges" have emerged. However, only 61 per cent of emails (up from 33 per cent) sent to Gmail from non-Gmail users from the period between December 2013 to October 2015 were encrypted.
In addition, the percentage of messages encrypted with TLS sent from Gmail to non-Gmail addresses increased from 60% to 80%. A few regions of the Internet were found to be interfering with message encryption by tampering with requests to initiate SSL connections.
"While this type of attack is rare, it's very concerning as it could allow attackers to censor or alter messages before they are relayed to the email recipient", Bursztein and Lidzborski said in the post.