Gmail's new security indicators

Martin Brinkmann
Feb 11, 2016
Updated • Jan 4, 2018
Companies, Gmail, Google
|
9

Google added two new security indicators to its email service Gmail which reveal TLS encryption support and whether the sender could be authenticated.

Many popular email services, including Gmail, support TLS (Transport Layer Security) encryption to protect data while it is in transit.

TLS is only useful if both the sending and receiving email service supports it, and one of the new features highlights on Gmail when TSL encryption is not supported by another service.

Gmail highlights the fact with a red open padlock image in the email header. You can click on the lock icon to display additional information, but it means effectively that the third-party mail server did not encrypt the message (likely because it is not configured to use TLS).

gmail tls encryption

The red open padlock icon is displayed for receiving emails but may also be displayed when you are composing emails.

If you see the red padlock while composing a message
Don’t send confidential material, like tax forms or contracts, to that email address.

If you see the red padlock when viewing a received message
This message was sent unencrypted. In most cases, there’s nothing you can do. If it contained particularly sensitive content, you should let the sender know and they can contact their email service provider.

The second new security feature on the Gmail website is subtle. If the sender of an email address cannot be authenticated, you will see a red question mark instead of a profile photo, avatar or the default blank profile icon.

gmail authentication

You can look up authentication information with a click on the down arrow icon next underneath the name of the sender of the email.

This displays mailed-by and signed-by information in an overlay, and you will notice that those two won't match usually if the sender could not be authenticated.

For example, if you see messages claiming to be from google.com, but are not properly authenticated as coming from google.com, these are phishing messages. You should not enter or send any personal information. Remember, Google will never ask you to send personal information.

Additional information about the two new features are provided on the official Gmail blog.

Summary
Gmail's new security indicators
Article Name
Gmail's new security indicators
Description
Google added two new security indicators to Gmail that highlight if TLS encryption is not used, and whether the sender could be authenticated.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. SB said on April 29, 2016 at 5:49 am
    Reply

    As above, if I know the address is legit, how do I verify it myself and then remove the question mark?

  2. roman couture said on March 4, 2016 at 8:18 pm
    Reply

    I would like to know how to take it out, because when i am sending email for my work, my email appears as a possible spam/ phishing email. What can be done. thank you

  3. juju said on February 11, 2016 at 10:01 pm
    Reply

    not security feature

  4. Gabriel said on February 11, 2016 at 7:35 pm
    Reply

    Does TLS encrypt text?

    1. Martin Brinkmann said on February 11, 2016 at 7:49 pm
      Reply

      All data transmitted is encrypted.

      1. Gabriel said on February 11, 2016 at 9:03 pm
        Reply

        Thank you Martin!

  5. Mike O said on February 11, 2016 at 3:16 pm
    Reply

    Here is a site that allows users to test email Send/Receive TLS encryption. http://www.checktls.com/index.html

  6. trek100 said on February 11, 2016 at 3:15 pm
    Reply

    Thank you, Martin.
    Clear and brief description!

  7. Ann said on February 11, 2016 at 2:12 pm
    Reply

    this is only true offcoz for the web app
    Can’t remember the time when i’ve looked at it. always using an app for that

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.