Gmail's Encryption Warning Spurs 25% Increase In Encrypted Inbound Emails

An anonymous reader quotes a report from The Verge: Google's efforts to keep users safe might be forcing other email providers to make better security decisions. In February, the company started flagging unencrypted emails, allowing Gmail users to know whether they're sending emails to, or receiving emails from, providers that don't support TLS encryption. Since then, the amount of inbound mail sent over an encrypted connection to Gmail users has increased by 25 percent, Google explained in a blog post released today. The majority of the uptick likely comes from providers updating their clients so they can avoid getting flagged by Google, the company said in a comment to The Verge. Without in-transit encryption, which Google provides by default, emails could potentially be read by attackers because their body and data are sent in plain text. Google is also going to send Gmail users a full-page warning notice if they click on a potentially malicious link. In addition, they are going to increase warnings about state-sponsored attackers with a full-page alert about how to secure accounts through two-factor authentication and the use of a security key.

Re:Encrypting the Link is only part of the story

[SuricouRaven]

With encryption: Google and the US government spy on you.
Without encryption: Google, the US government, Russia, China, half of Europe, Canada, the script kiddie who hacked your router and an organised crime gang spy on you.

Re:Encrypting the Link is only part of the story

[Dynedain]

I think it's exactly the opposite. For so long PGP and other security features were email were ignored because you can't communicate with users on email providers that don't enable it. Same thing with various spam controls - we've always bitched that we can't turn them on because the big vendors ignore it.

This is a GOOD thing by Google. By turning it on, and making it blatantly obvious to their users, they force the industry as a whole into better practices. They've done the same thing with HTTPS (now mixed-mode errors invalidate your "lock" status) and also spam control (reverse DNS lookups, etc). They are using their position of influence to encourage improvements across the industry and should be applauded.

It's going to take multiple steps to get to the final goal of end-to-end encryption. You can't jump to the end overnight. Give credit where credit is due.