Today, we’re announcing a variety of new protections that will help keep Gmail users even safer and promote email security best practices across the Internet as a whole.
New tools and industry standards make email even safer
On Safer Internet Day this year, we introduced a new visual element to Gmail that lets users know when they’ve received a message that wasn’t delivered using encryption or if they’re composing a message to a recipient whose email service doesn’t support TLS encryption. It’s the red lock icon featured below:
increased by 25%. We’re very encouraged by this progress! Given the relative ease of implementing encryption and its significant benefits for users, we expect to see this progress continue.
However, as our recent research with the University of Michigan and University of Illinois shows, misconfigured or malicious parts of the Internet can still tamper with email encryption. To help ensure TLS encryption works as intended, we’ve teamed-up with a variety of industry partners — including Comcast, Microsoft, and Yahoo!— to submit a draft IETF specification for “SMTP Strict Transport Security.” With this new proposed standard, companies can ensure that mail will only be delivered through encrypted channels, and that any encryption failures should be reported for further analysis, helping shine the spotlight on any malfeasance occurring around the Internet.
Safe Browsing makes Gmail more secure
Since 2007, Safe Browsing has protected users across the web by warning them before they visit dangerous sites known for phishing, malware, and Unwanted Software. Over the years, we’ve brought the protections afforded by Safe Browsing to other Google products as well, including: Chrome, Android, Ads, Google Analytics, and more.
Safe Browsing already protects Gmail users by identifying potentially dangerous links in messages. Starting this week, Gmail users will begin to see warnings if they click these links, further extending this protection to different web browsers and email apps. The full-page warning will look like this:
Enhancing state-sponsored attack warnings
Since 2012, we’ve warned Gmail users when we suspect they’ve been targeted by state-sponsored attackers:
Today, we’re launching a new, full-page warning with instructions about how these users can stay safe. They may see these new warnings instead of, or in addition to, the existing ones.
The security of our users and their data is paramount. We’ll continue to build new protections, and work closely with the broader email ecosystem to support and improve standards such as TLS, that keep users safe.