Gmail will now warn users when they’re exchanging email with someone whose email provider doesn’t support server-to-server message encryption, Google announced this week.
Traditionally, email messages were sent from mail server to mail server unencrypted, but in recent years email providers including Gmail have increasingly begun using a security protocol called Transport Layer Security, or TLS, to encrypt messages in transit and to limit opportunities for eavesdropping. But when a server that supports TLS exchanges messages with one that doesn’t, it’s forced to fall back to the unencrypted standard.
In that case, Gmail will now warn users with a broken lock icon, similar to what’s used in Chrome and other browsers to indicate an insecure connection. The company said in 2014 that about 40 to 50 percent of emails between Gmail and other providers weren’t encrypted.
Gmail will also warn when users receive an email that can’t be cryptographically authenticated, alerting users to potential phishing attacks.
“If you receive a message that can’t be authenticated, you’ll see a question mark in place of the sender’s profile photo, corporate logo, or avatar,” according to Google’s blog post.
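For mail administrators, both conditions described above can be read from headers that the receiving server stamps on each message. The sketch below is an added example, not code from Google or from this article. It assumes TLS use is inferred from the RFC 3848 `with` keyword in the newest `Received` header, and that "authenticated" means an SPF or DKIM pass in the receiver's own `Authentication-Results` header; the hostnames, IDs, and messages are constructed.

```python
import re
from email import message_from_string

# Constructed sample headers; hostnames, IDs and addresses are placeholders.
TLS_AUTHENTICATED = """\
Authentication-Results: mx.receiver.example; dkim=pass header.i=@sender.example;
 spf=pass smtp.mailfrom=alice@sender.example
Received: from mail.sender.example (mail.sender.example [192.0.2.10])
 by mx.receiver.example with ESMTPS id abc123; Tue, 09 Feb 2016 10:00:00 -0800
From: alice@sender.example
"""

PLAINTEXT_UNAUTHENTICATED = """\
Authentication-Results: mx.receiver.example; dkim=none;
 spf=softfail smtp.mailfrom=alice@sender.example
Received: from mail.legacy.example (mail.legacy.example [192.0.2.20])
 by mx.receiver.example with ESMTP id def456; Tue, 09 Feb 2016 10:05:00 -0800
From: alice@sender.example
"""

# RFC 3848 "with" keywords that record a STARTTLS-protected session.
TLS_KEYWORDS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

def last_hop_used_tls(msg):
    """True if the newest Received header records a TLS protocol keyword."""
    received = msg.get_all("Received") or []
    # Only the topmost header is written by the receiving server itself;
    # the ones below it come from the sending side and can be forged.
    m = re.search(r"\bwith\s+([A-Za-z0-9]+)", received[0]) if received else None
    return bool(m) and m.group(1).upper() in TLS_KEYWORDS

def is_authenticated(msg, authserv_id):
    """True if our own server recorded an SPF or DKIM pass (assumed criterion)."""
    for value in msg.get_all("Authentication-Results") or []:
        authserv, _, results = value.partition(";")
        # Skip results stamped under another host's name; a sender can add those.
        if authserv.lower().split()[:1] != [authserv_id]:
            continue
        if re.search(r"\b(spf|dkim)\s*=\s*pass\b", results, re.I):
            return True
    return False

def delivery_warnings(raw, authserv_id="mx.receiver.example"):
    """Map one raw message to the two warning conditions the article describes."""
    msg = message_from_string(raw)
    return {"unencrypted_hop": not last_hop_used_tls(msg),
            "unauthenticated": not is_authenticated(msg, authserv_id)}
```

This check covers only the final hop into the receiving server; earlier relays may still have carried the message without TLS.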
The move is the latest in a series of steps that Google has taken to boost Gmail user privacy, including pushing two-step authentication, warning on suspicious account access attempts, and testing device-based alternatives that could be harder to spoof than password logins.