Gmail's new security indicators - gHacks Tech News

Gmail's new security indicators

Google added two new security indicators to its email service Gmail which reveal TLS encryption support and whether the sender could be authenticated.

Many popular email services, including Gmail, support TLS (Transport Layer Security) encryption to protect data while it is in transit.

TLS is only useful if both the sending and receiving email service supports it, and one of the new features highlights on Gmail when TSL encryption is not supported by another service.

Gmail highlights the fact with a red open padlock image in the email header. You can click on the lock icon to display additional information, but it means effectively that the third-party mail server did not encrypt the message (likely because it is not configured to use TLS).

gmail tls encryption

The red open padlock icon is displayed for receiving emails but may also be displayed when you are composing emails.

If you see the red padlock while composing a message
Don’t send confidential material, like tax forms or contracts, to that email address.

If you see the red padlock when viewing a received message
This message was sent unencrypted. In most cases, there’s nothing you can do. If it contained particularly sensitive content, you should let the sender know and they can contact their email service provider.

The second new security feature on the Gmail website is subtle. If the sender of an email address cannot be authenticated, you will see a red question mark instead of a profile photo, avatar or the default blank profile icon.

gmail authentication

You can look up authentication information with a click on the down arrow icon next underneath the name of the sender of the email.

This displays mailed-by and signed-by information in an overlay, and you will notice that those two won't match usually if the sender could not be authenticated.

For example, if you see messages claiming to be from google.com, but are not properly authenticated as coming from google.com, these are phishing messages. You should not enter or send any personal information. Remember, Google will never ask you to send personal information.

Additional information about the two new features are provided on the official Gmail blog.

Summary
Gmail's new security indicators
Article Name
Gmail's new security indicators
Description
Google added two new security indicators to Gmail that highlight if TLS encryption is not used, and whether the sender could be authenticated.
Author
Publisher
Ghacks Technology News
Logo

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. Ann said on February 11, 2016 at 2:12 pm
    Reply

    this is only true offcoz for the web app
    Can’t remember the time when i’ve looked at it. always using an app for that

  2. trek100 said on February 11, 2016 at 3:15 pm
    Reply

    Thank you, Martin.
    Clear and brief description!

  3. Mike O said on February 11, 2016 at 3:16 pm
    Reply

    Here is a site that allows users to test email Send/Receive TLS encryption. http://www.checktls.com/index.html

  4. Gabriel said on February 11, 2016 at 7:35 pm
    Reply

    Does TLS encrypt text?

    1. Martin Brinkmann said on February 11, 2016 at 7:49 pm
      Reply

      All data transmitted is encrypted.

      1. Gabriel said on February 11, 2016 at 9:03 pm
        Reply

        Thank you Martin!

  5. juju said on February 11, 2016 at 10:01 pm
    Reply

    not security feature

  6. roman couture said on March 4, 2016 at 8:18 pm
    Reply

    I would like to know how to take it out, because when i am sending email for my work, my email appears as a possible spam/ phishing email. What can be done. thank you

  7. SB said on April 29, 2016 at 5:49 am
    Reply

    As above, if I know the address is legit, how do I verify it myself and then remove the question mark?

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.