Late last month, researchers from the Universities of Michigan and Illinois, along with Google, discovered that in many parts of the world the opportunistic STARTTLS encryption for email can be easily broken. Following that result, the company decided it will start warning Gmail users when the emails they deliver to other email providers are sent unencrypted.
The new venture is part of the company's quest to improve email encryption. Google started on the path about a year ago when it launched the Safer Email campaign to encourage other email providers to use STARTTLS encryption. Google can encrypt its own emails, but not everyone uses Gmail. If other providers don't support STARTTLS encryption, then those emails, even from Gmail users, will be sent unencrypted to their destinations.
Since then, multiple providers have begun supporting STARTTLS, but according to Google, the biggest boost in email encryption was offered by Microsoft's and Yahoo's adoption of the protocol. However, many smaller providers still don't offer it to their users, so now Google is taking the step to warn its Gmail users when they send an email to a provider that doesn't properly support STARTTLS.
Google discovered that in some places of the world, such as Tunisia, attackers were tampering with the requests to initiate encryption for email. It also uncovered some malicious DNS servers publishing bogus routing information to email servers looking for Gmail. This type of attack can be used to censor or modify messages before they reach their destination. The company said it will be working with other partners from the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) to strengthen the opportunistic email encryption with technologies already used in Chrome to protect websites against interception.
Gmail users should start seeing the unencrypted email warnings in a few months. Google has also been working on an "End-to-End" encryption browser extension ever since the Snowden revelations in 2013, but it hasn't mentioned any progress on it in about a year.
Lucian Armasu joined Tom’s Hardware in early 2014. He writes news stories on mobile, chipsets, security, privacy, and anything else that might be of interest to him from the technology world. Outside of Tom’s Hardware, he dreams of becoming an entrepreneur.