Late this week, Google’s security team announced several new features they are expanding or making available to Gmail users to help enhance email security. The updates include enhancements to email encryption, improvements to Google’s safe browsing warnings to help Gmail users, and additional alerts regarding state-sponsored attacks directed at Gmail users.
The improvements to encryption standards for email actually started several weeks ago on Safer Internet Day when Google rolled out a new visual element for Gmail users. A small red lock icon now appears to alert users if a recipient of their email message is using an email service that does not support encryption. Google notes that since then they have seen the use of encrypted connections for email increase by 25%.
To help push that number even higher, Google says they have partnered with other industry players like Comcast, Microsoft and Yahoo to submit a draft IETF specification for “SMTP Strict Transport Security.” The standard is designed to help ensure email is delivered using encrypted connections and specifically that TLS encryption works as intended.
With regard to links to potentially dangerous web sites, Google is expanding their safe browsing tools to cover other web browsers and email clients. Google already helps protect Gmail users by identifying these sites in mail messages. Should a user go ahead and click on the link though, they will be presented with additional warnings regarding the danger they may be subject to.
Finally, for users who may find themselves the target of state sponsored attacks via email, they will get a new, full-page warning that helps with suggestions for users to stay safe. These might include steps like setting up two-factor authentication and the use of a security key. This new full-page warning will be in addition to the small message Google currently uses.