Gmail will soon be able to warn users if an email arrives under an unencrypted connection, as part of the results of a new research about email security.
Google already employs the use of HTTPS in Gmail in order to secure the connection between a user's web browser and its servers. Also, Google and other email providers have started encrypting their server connections. However, not every email provider supports encrypted messages.
The research project, in partnership with the University of Michigan and the University of Illinois, has found that email security has been improving over the past two years, and that 94% of incoming messages to Gmail carry some form of authentication. However, according to the blog post, there were reportedly regions on the internet actively preventing message encryption by tampering with requests to initiate SSL connections.
Also, Google found malicious DNS servers that are serving up fake routing information to email servers looking for Gmail. The company describes them as "telephone directories that intentionally list misleading phone numbers." The post explains that while this type of attack is rare, it is still quite alarming as it could allow attackers to alter messages before they are relayed to the email recipient. "While these threats do not affect Gmail-to-Gmail communication, they may affect messaging between providers," the blog post states.
To notify users of possible email dangers, in-product warnings will be developed in order to inform users about messages sent through unencrypted connections. The feature will be rolling out in the coming months, according to the company.
Last year, to prevent unwanted collection of private information, Gmail blocked add-ons that had the ability to spy on users.