February 10, 2016 By Larry Loeb 2 min read

Google celebrated Safer Internet Day on Feb. 9 by making a practical stand against unsecured email. The company announced on its Official Gmail Blog that it was making changes to Gmail that make the use of an unsecured connection in mail explicit. And since Gmail passed 1 billion users recently, this move affects an awful lot of email.

Unsecured Email Marking

The new changes will show if a user receives email from, or sends email to, a service that does not support transport layer security (TLS) encryption. Gmail will now display a broken lock in the affected message at the top right corner.

Gmail has a long history of using TLS for encryption in transit, but if the receiving end does not use it, too, then it is not effective. According to TechCrunch, Google said last year that 57 percent of messages sent to Gmail users are encrypted, compared to 81 percent of outgoing messages from Gmail.

The Authentication Process

If a message can’t be authenticated by Google, it will display a question mark in place of the user’s photo or icon. This alerts a user that the message has a higher possibility of being of questionable origin.

However, “authentication by itself is not enough to guarantee your messages can be delivered, as spammers can also authenticate mail,” Google noted. “Similarly, the fact that a message is unauthenticated isn’t enough to classify it as spam because some senders don’t authenticate their mail or because authentication breaks in some cases (for example, when messages are sent to mailing lists).”

Google also warned that if a user receives a message from a major entity, such as a financial institution or an email provider such as Yahoo or Hotmail, and it isn’t authenticated, the message is most likely forged. That signals that one should be careful about replying to it or opening any attachments. The idea here is that phishing emails generally have certain characteristics, and not being authenticated is one of them.

Users Beware

Ultimately, this authentication is a warning but not a deal breaker when it comes to email; there can be false positives and false negatives. But adding these tools to an email system such as Gmail allows the messages that don’t play by the rules stand out. Hopefully, this adds to a user’s security awareness.

More from

When ransomware kills: Attacks on healthcare facilities

4 min read - As ransomware attacks continue to escalate, their toll is often measured in data loss and financial strain. But what about the loss of human life? Nowhere is the ransomware threat more acute than in the healthcare sector, where patients’ lives are literally on the line.Since 2015, there has been a staggering increase in ransomware attacks on healthcare facilities. And the impacts are severe: Diverted emergency services, delayed critical treatments and even fatalities. Meanwhile, the pledge some ransomware groups made during…

AI and cloud vulnerabilities aren’t the only threats facing CISOs today

6 min read - With cloud infrastructure and, more recently, artificial intelligence (AI) systems becoming prime targets for attackers, security leaders are laser-focused on defending these high-profile areas. They’re right to do so, too, as cyber criminals turn to new and emerging technologies to launch and scale ever more sophisticated attacks.However, this heightened attention to emerging threats makes it easy to overlook traditional attack vectors, such as human-driven social engineering and vulnerabilities in physical security.As adversaries exploit an ever-wider range of potential entry points…

4 trends in software supply chain security

4 min read - Some of the biggest and most infamous cyberattacks of the past decade were caused by a security breakdown in the software supply chain. SolarWinds was probably the most well-known, but it was not alone. Incidents against companies like Equifax and tools like MOVEit also wreaked havoc for organizations and customers whose sensitive information was compromised.Expect to see more software supply chain attacks moving forward. According to ReversingLabs' The State of Software Supply Chain Security 2024 study, attacks against the software…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today