Google: TLS auth warnings work, malicious link warnings now more prominent

Today on the Google Security blog, the email giant took a moment to laud the success of their “lock icon” indicating that a sender or recipient of an email doesn’t support TLS encryption. The post indicates Google has seen a 25% increase in the amount of inbound mail authenticated with TLS in just 44 days since the change was implemented.

In light of this success, Google has teamed up with Comcast, Microsoft, Yahoo, and others to draft an IETF spec for “SMTP Strict Transport Security.” This protocol, if implemented, would dictate that all mail is sent using authentication and require any auth failures to be reported to allow for further investigation.

In addition, Google also announced that their potential malicious link warnings, which are currently displayed at the top of the message, will now generate a full-page browser interrupt when one of these links is clicked: Google warning

This behavior will also carry over to the very rare “state-sponsored attack” warnings that are displayed for journalists and activists who may be potential targets for government censorship (or worse).

– BG




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.