The number of encrypted emails Gmail received from non-Gmail senders increased from 33% to 61% between December 2013 and October 2015.
Google has announced plans to improve its email service following the publication of a multi-year study, conducted in conjunction with the University of Illinois, which measured the evolution of email security since 2013. Although Google’s Gmail service was used as the foundation of the report, Google’s Elie Bursztein, Anti-Fraud and Abuse Research, and Nicolas Lidzborski, Gmail Security Engineering Lead, stated that the study’s findings apply to email “more broadly”.
The study found that email is more secure today than it was in 2013, but that significant challenges remain, not least because some countries were actively blocking SSL connections.
To combat this, Google is working with other partners and the industry association M3AAWG to strengthen “opportunistic TLS” using techniques developed by the company.
Google further claims that it has uncovered ‘malicious’ DNS servers “publishing bogus routing information to email servers looking for Gmail. These nefarious servers are like telephone directories that intentionally list misleading phone numbers for a given name. While this type of attack is rare, it’s very concerning as it could allow attackers to censor or alter messages before they are relayed to the email recipient.”
The company notes that such threats do not affect emails sent from one Gmail account to another, but may impact messaging “between providers.”
Google is currently working to implement a system which will warn Gmail users when an unencrypted email is received.