Gmail's new security indicators
Google added two new security indicators to its email service Gmail which reveal TLS encryption support and whether the sender could be authenticated.
Many popular email services, including Gmail, support TLS (Transport Layer Security) encryption to protect data while it is in transit.
TLS is only useful if both the sending and receiving email service supports it, and one of the new features highlights on Gmail when TSL encryption is not supported by another service.
Gmail highlights the fact with a red open padlock image in the email header. You can click on the lock icon to display additional information, but it means effectively that the third-party mail server did not encrypt the message (likely because it is not configured to use TLS).
The red open padlock icon is displayed for receiving emails but may also be displayed when you are composing emails.
If you see the red padlock while composing a message
Don’t send confidential material, like tax forms or contracts, to that email address.
If you see the red padlock when viewing a received message
This message was sent unencrypted. In most cases, there’s nothing you can do. If it contained particularly sensitive content, you should let the sender know and they can contact their email service provider.
The second new security feature on the Gmail website is subtle. If the sender of an email address cannot be authenticated, you will see a red question mark instead of a profile photo, avatar or the default blank profile icon.
You can look up authentication information with a click on the down arrow icon next underneath the name of the sender of the email.
This displays mailed-by and signed-by information in an overlay, and you will notice that those two won't match usually if the sender could not be authenticated.
For example, if you see messages claiming to be from google.com, but are not properly authenticated as coming from google.com, these are phishing messages. You should not enter or send any personal information. Remember, Google will never ask you to send personal information.
Additional information about the two new features are provided on the official Gmail blog.Advertisement