Gmail Cracks Down Harder on Security
When Gmail officials speak, email senders take heed. So the post, “More Encryption, More Notifications, More Email Security,” became an immediate Facebook trend on Friday.
In the post, published on Thursday and housed first on the Google Online Security Blog, Google introduces two more security measures for marketers to note. But first, post authors Nicolas Lidzborski, Gmail security engineering lead, and Jonathan Pevarnek, Jigsaw engineer, seemed to gloat about the success of Gmail’s Feb. 9 smackdown on unencrypted emails.
“In the 44 days since we introduced it,” they write of the encryption requirement, “the amount of inbound mail sent over an encrypted connection increased by 25 percent.”
This is what Gmail users see when a message arrives without proper encryption:
But Gmail’s not done with that requirement.
“However, as our recent research with the University of Michigan and University of Illinois shows, misconfigured or malicious parts of the Internet can still tamper with email encryption,” reads Thursday’s post. “To help ensure TLS encryption works as intended, we’ve teamed-up with a variety of industry partners — including Comcast, Microsoft, and Yahoo! — to submit a draft IETF specification for ‘SMTP Strict Transport Security.’ With this new proposed standard, companies can ensure that mail will only be delivered through encrypted channels, and that any encryption failures should be reported for further analysis, helping shine the spotlight on any malfeasance occurring around the Internet.”
The two new measures that may concern marketers are:
1. Websites Need to Provide ‘Safe Browsing.’ Gmail is going to warn users twice before they succeed at clicking on links to “dangerous sites known for phishing, malware and unwanted software.” [Author’s note: Amusingly, a December 2015 post on the Google Security Blog calls the latter “ ‘Unwanted Software,’ or ‘UwS’ (pronounced ‘ooze’).”]
The December 2015 blog post describes UwS this way:
- It is deceptive, promising a value proposition that it does not meet.
- It tries to trick users into installing it or it piggybacks on the installation of another program.
- It doesn’t tell the user about all of its principal and significant functions.
- It affects the user’s system in unexpected ways.
- It is difficult to remove.
- It collects or transmits private information without the user’s knowledge.
- It is bundled with other software and its presence is not disclosed.
2. Thought-leaders May Be Attacked by Cyber-terrorists. “These warnings are rare — fewer than 0.1 percent of users ever receive them — but they are critically important,” the Thursday post says of recipients of state-sponsored attack warnings. “The users that receive these warnings are often activists, journalists and policy-makers taking bold stands around the world.” [Author’s note: So it may be even more rare for a marketer to receive this warning, but you know if you fit into this category. Nonprofit marketers, does this apply to you?]
What do marketers think?
Please respond in the comments section below.
Related story: 2 More Gmail Hurdles for Marketers