Skip to main content

Gmail getting a 'not encrypted' notification

Google will soon start notifying Gmail users when they receive an unencrypted email. According to a blog post by Google's anti-fraud and abuse research expert Elie Bursztein and Gmail security engineering lead Nicolas Lidzborski, there are several reasons why Google has decided to do this.

One is that some countries around the world don't approve of encryption, while the other one is that some services and servers have been really slow in adoptin encryption.

Seven countries – Tunisia, Iraq, Papua New Guinea, Nepal, Kenya, Uganda and Lesotho – should be regarded as dangerous places to send e-mails to, according to Google's research.

Servers are also a problem. Google said today that encrypted messaging is on the rise: Since 2013, the number of encrypted emails that Gmail received from non-Gmail senders increased from 33 per cent to 61 per cent. There's still that final 39 per cent, though.

"Second, we uncovered malicious DNS servers publishing bogus routing information to email servers looking for Gmail. These nefarious servers are like telephone directories that intentionally list misleading phone numbers for a given name. While this type of attack is rare, it’s very concerning as it could allow attackers to censor or alter messages before they are relayed to the email recipient,“ Google says in the report.

"While these threats do not affect Gmail-to-Gmail communication, they may affect messaging between providers," researcher Elie Bursztein and engineer Nicolas Lidzborski wrote in a blog post.

These warnings will begin to roll-out in the coming months, Google added, saying that all email services, Gmail included, depend on the trust of their users.