If you send an unencrypted email; Google will warn you!

According to Mediasoft; As a result of these efforts, protocols such as HTTPS have protected users from attacks by default in the Gmail service. In addition to benefiting from these secure services, Google has been conducting extensive research with the University of Michigan and the University of Illinois on encrypted emails for the past two years. The results of research on improving the security of sending and receiving emails have been published in the form of a thirteen-page report by Google. While Gmail has been the focus of this research, the research will significantly increase the security of email services.

STARTTLS way successful in conveying the message of

STARTTLS was first introduced in 2002. STARTTLS is a special development for the SMTP protocol that allows SMTP to be encapsulated in a TLS session. In a normal STARTTLS session, a client first tries to communicate with the SMTP server. The client then sends a command to STARTTLS and initializes a standard handshake and TLS process. The client will now be able to transfer content, attachments and any related metadata to an encrypted and protected channel. You can see this pattern in the following commands.

S: <waits for connection on TCP port 25>

  C: <opens connection>

  S: 220 mail.example.org ESMTP service ready

  C: EHLO client.example.org

  S: 250-mail.example.org offers a warm hug of welcome

  S: 250 STARTTLS

  C: STARTTLS

  S: 220 Go ahead

  C: <starts TLS negotiation>

  C & S: <negotiate a TLS session>

  C & S: <check result of negotiation>

  C: EHLO client.example.org

STARTTLS tries to protect the nodes between the servers and tries to prevent the eavesdropping of messages. STARTTLS typically does not perform any process of authenticating the destination mail server, but instead provides the opportunity to encrypt messages. As of April 26, 2015, Google has implemented STARTTLS on more than 80% of outgoing (outbound) messages from the service, while nearly 60% of inbound (inbound) communications have entered the service according to the STARTTLS Behavior they do. Other services, such as Yahoo and Atloc, also use the STARTTLS mechanism, although they are weaker than Gmail. As you can see in the table below, many email service providers use STARTTLS in their inbound and outbound communications to their services.

Outgoing

Cipher

Outgoing

Key Exchange

Outgoing

TLS Version

Certificate

Matches

Incoming

Cipher

Incoming

Key Exchange

Incoming

TLS Version

provider

AES-128-GCM

ECDHE

1.2

server

AES-128-GCM

ECDHE

1.2

Gmail

RC4-128

ECDHE

1.0

server

AES-128-GCM

ECDHE

1.2

Yahoo

AES-256

ECDHE

1.2

server

AES-256-CBC

ECDHE

1.2

Outlook

AES-128-GCM

AND

1.2

server

AES-128-GCM

ECDHE

1.2

iCloud

AES-256-GCM

AND

1.2

server

AES-256-CBC

ECHDE

1.2

Mail.com

RC4-128

RSA

1.0

server

RC4-128

RSA

1.0

Zoho

AES-256-GCM

ECDHE

1.2

server

RC4-128

RSA

1.2

Mail.ru

AES-256-CBC

AND

1.0

server

RC4-128

RSA

1.0

AOL

AES-256-CBC

AND

1.0

server

RC4-128

RSA

1.1

QQ

ES-128-GCM

AND

1.2

server

AES-128-GCM

ECDHE

1.2

Me.com

AES-256-CBC

ECDHE

1.2

server

AES-128-GCM

RSA

1.2

Yandex

Email security in various industry

Studies show that email services have become more secure over the past two years. The level of encryption of 

incoming emails has increased from 33% in 2013 to 61%.

Also, the level of encryption of sent (outgoing) emails has increased from 60% in 2013 to 80%. Accordingly

Google intends to increase the security of Gmail service. This move is in line with the threats that seriously endanger the security of Gmail users. Google plans to send out warnings to users about the consequences of sending unencrypted emails. Accordingly, the web search giant will send alerts to users whenever they receive unencrypted messages from various sources. Google recently published the results of research and achievements in the field of email security on the company’s blog. The study was a collaboration between Google and the Universities of Illinois and Michigan. A study that took nearly two years. The findings of this study will increase the level of public trust in email services and implement cryptography on a large scale in the industry. However, the research team found that some Internet domains used weak encryption with DNS servers, allowing hackers to send messages from routers as soon as they were sent and before the messages were received by the original recipient. Be able to track users’ messages. Google is working with researchers at the university to prevent such attacks and reassure users that their emails will not be read by hackers. As a result, we should expect to receive warnings about unencrypted emails in the coming months. However, the research team found that some Internet domains used weak encryption with DNS servers, allowing hackers to send messages from routers as soon as they were sent and before the messages were received by the original recipient. Be able to track users’ messages. Google is working with researchers at the university to prevent such attacks and reassure users that their emails will not be read by hackers. As a result, we should expect to receive warnings about unencrypted emails in the coming months. However, the research team found that some Internet domains used weak encryption with DNS servers, allowing hackers to send messages from routers as soon as they were sent and before the messages were received by the original recipient. Be able to track users’ messages. Google is working with researchers at the university to prevent such attacks and reassure users that their emails will not be read by hackers. As a result, we should expect to receive warnings about unencrypted emails in the coming months. Google is working with researchers at the university to prevent such attacks and reassure users that their emails will not be read by hackers. As a result, we should expect to receive warnings about unencrypted emails in the coming months. Google is working with researchers at the university to prevent such attacks and reassure users that their emails will not be read by hackers. As a result, we should expect to receive warnings about unencrypted emails in the coming months.