Email carries some of a user’s most sensitive communication – think private correspondence, financial details, password recovery confirmations, etc. – so it’s security is a high priority. After looking at how email security has evolved since 2013, Google today pointed to the encouraging trends in email security
The search giant has partnered up with the University of Michigan and the University of Illinois and today also published the results of a multi-year study entitled “Neither Snow Nor Rain Nor MITM . . . An Empirical Analysis of Email Delivery Security” analysing email security during the past two years.
What the researchers have discovered is that inbound security is on the rise:
– The number of encrypted emails that Gmail receives jumped to 61% in October 2015 (up from 33% recorded in December 2013).
– More and more domains support encryption, which means that emails encrypted with TLS from Gmail to non-Gmail recipients is up from 60% to 80%;
– And finally, the third important takeaway from the study is that more than 94% of inbound messages to Gmail carry some form of authentication.
But the study also reveals new security challenges: The researchers noticed that in some regions the “Internet is actively preventing message encryption by tampering with requests to initiate SSL connections”. Secondly, they have uncovered malicious DNS servers publishing false routing information to email servers looking for Gmail.
While the good news and the main conclusion of the report is that email security is changing in a positive way, it also serves to remind us that security threats won’t disappear.