Gmail has two new security features. Users get to see whether their email was or will be encrypted in transit, and also whether other senders have been authenticated.
Google hopes this will increase awareness of TLS encryption of email, and reduce phishing attacks. Good luck with that.
In IT Blogwatch, bloggers simply transport mail.
Your humble blogwatcher curated these bloggy bits for your entertainment.
What’s the craic? Jon Russell leaves this here—Gmail Now Warns Users When They Send And Receive Email Over Unsecured Connections:
Google is...introducing new authentication features to Gmail to help better identify emails that could prove to be harmful or are not fully secure.
Beyond just flagging emails sent over unsecured connections, Google also warns users who are sending. Gmail...will alert users when they are sending...to a recipient whose account is not encrypted [by putting] a little open lock in the top-right corner. [It will also] appear if you receive an email [that was] not encrypted. ... Google switched to [TLS] some while ago to ensure that all Gmail-to-Gmail emails are encrypted, but not all other providers have made the move.
Another measure...shows users when they receive a message from an email account that can’t be authenticated. ... Authentication is one method for assessing whether an email is a phishing attempt. ... Unauthenticated emails aren’t necessarily dangerous, but, with this new indicator, Google is giving users [help to] make better decisions.
Sounds useful. Natalie Gagliordi offers Gmail now alerts users to unsecured connections:
The features are designed to alert users when an email is potentially unsafe or not fully secure. ... A click on the padlock icon brings up a dialog box warning users that the other...email service...does not support encryption.
The company hopes the effort will convince other email providers to bolster encryption and security...as their messages traverse the internet.
Gmail will also flag unverified email contacts by showing a question mark in place of a profile picture.
As goes consumer Gmail also goes “Google For Work” (eventually). Google’s Suzanne Frey steps into the fray—Two new security features for Gmail and four tips to keep your users more secure:
We’re adding two new security features to Gmail that will roll out to Google Apps domains in the coming weeks.
Users who receive a message from, or who are about to send a message to, someone whose email service doesn’t support...TLS, will see an open lock icon. ... Users receiving messages that aren’t properly authenticated with either Sender Policy Framework (SPF) or DKIM will see a question mark in place of their profile photo.
Here are some additional features you can use as a Google Apps for Work admin: ... You can easily enforce use of 2-step verification...for all users in your Google Apps domain. ... Activate Data Loss Prevention (DLP) to help prevent information from being revealed to those who shouldn’t have it. ... Follow the best practices outlined in Google’s sender guidelines...create a Sender Policy Framework, [add] a digital signature...using DKIM and create a DMARC record.
The Internet is a big place, and it’s going to take global teamwork to make it the most secure.
So this is planet Houston? This is Dave Neal before Zod—Gmail steps in to save you from insecure messages:
[The] nagging notification...reflects badly on your contacts if they do not apply proper protection to their email. [It’s] a great opportunity to look down on people from an ivory tower and set yourself up as a privacy pioneer and preservationist.
Once this shade has been cast on your contact you will be able to choose whether to proceed or not.
So thanks, Google? Well, Ben Woods slightly begrudges the moves—Google’s rolling out new encryption security measures for Gmail this week:
These measures combined are not wholly altruistic – a smaller chance of success for scammers means a smaller target...which should...cost Google less money.
That’s the theory anyway.
You have been reading IT Blogwatch by Richi Jennings, who curates the best bloggy bits, finest forums, and weirdest websites… so you don’t have to. Catch the key commentary from around the Web every morning. Hatemail may be directed to @RiCHi or email@example.com.
Opinions expressed may not represent those of Computerworld. Ask your doctor before reading. Your mileage may vary. E&OE.