Today on the Google Security blog, the email giant took a moment to laud the success of its “lock icon,” which indicates that the sender or recipient of an email doesn’t support TLS encryption. The post indicates Google has seen a 25% increase in the amount of inbound mail authenticated with TLS in just 44 days since the change was implemented.
In light of this success, Google has teamed up with Comcast, Microsoft, Yahoo, and others to draft an IETF spec for “SMTP Strict Transport Security.” If implemented, this protocol would dictate that all mail is sent using authentication and would require any authentication failures to be reported so they can be investigated further.
In addition, Google announced that its warnings for potentially malicious links, which are currently displayed at the top of the message, will now generate a full-page browser interrupt when one of these links is clicked.
This behavior will also carry over to the very rare “state-sponsored attack” warnings that are displayed for journalists and activists who may be potential targets for government censorship (or worse).