Gmail to warn when email arrives over an unencrypted connection

Google will begin warning users "in the coming months" of emails from providers that are sent through unencrypted connections.
Written by Zack Whittaker, Contributor

Gmail will soon tell you if an incoming email has traversed the internet over an unencrypted connection.

The hope is that the company will convince other email providers into bolstering encryption and security for its own users and for those using other email providers.

The email provider already uses HTTPS to encrypt a user's connection between their browser and the server, but after that it's widely out of a user's control.

That's why Gmail, like many other email providers -- including Comcast, Microsoft, and Yahoo -- have started encrypting that onward connection with STARTTLS, which prevents snooping from government agencies and attackers who try to tap into those messages as they travel the pipes of the internet.

But there's a problem. A lot of providers don't support STARTTLS, meaning that any email encrypted by the sender can't be read when it's received on the other end. This so-called opportunistic encryption works when both email providers support STARTTLS. If one doesn't, then the other provider falls back to an unencrypted form.

The more email providers that use STARTTLS, the greater number of emails that will be encrypted by default as they traverse the internet.

Google said this kind of encryption will help not only prevent snooping but also those who aim to restrict the free flow of information or attack machines, it said in a blog post.

It's not clear when this will start, but the company said these warnings will appear "in the coming months."

The company also informs users if they are being targeted by state-sponsored attacks, something it knows all too well after it withdrew from China in 2011 after it was reportedly attacked by the government.

Editorial standards