Gmail growls with more bad message flags to phoil phishers

Encryption and authentication become part of the webmail UI

Google's taking some of the user interface techniques it uses to flag insecure Web pages and applying them to email.

The plan: to warn users of Gmail on the Web when they receive emails from people who aren't using encrypted connections, or if message authentication fails.

The change is outlined on the Gmail blog.

While a Gmail user is protected by TLS encryption, there's no way for them to know whether the email service they're sending to or receiving from is also protected.

Google, however, can see that exchange, so if the far end isn't encrypted, it is going to start showing users a broken lock.

Gmail encryption flag

Name-and-shame: if the email service doesn't encrypt, Gmail on the Web will tell you

The second UI flag Gmail is adding covers authentication: while it's easy to trust an email address you've exchanged messages with for a long time (a partner, a boss, an old friend and so on), a lot of messages arrive claiming to be from banks, shops and payment houses.

As Mountain View explains here, it's a little burdensome for end-users to double-check the details that would let them authenticate messages.

So Google will simply substitute a question mark for the avatar or logo if a message can't be authenticated.

Gmail authentication failure flag

How an authentication failure will be flagged

A question mark accompanied by the claim that "this is a message from your bank" will, The Chocolate Factory hopes, go a long way to stopping people falling for phishing scams. ®
