The number of emails using encryption has increased dramatically over the past two years, according to research published by Google on Thursday. Email sent to Gmail accounts from non-Gmail accounts employing encryption increased by almost double, from 33 percent to about 3 of 5, from late 2013 to October 2015, according to a blog post.
Google also announced that warnings will roll out “in the coming months” when Gmail users receive a message through a non-encrypted connection.
The research was conducted in a multi-year study by Google and partners the University of Michigan and the University of Illinois, and published as “Neither Snow Nor Rain Nor MITM . . . An Empirical Analysis of Email Delivery Security” (PDF). Despite finding several new security challenges, the report shows improvement in email security.
One new security challenge is tampering with SSL initiation requests, and Google is working with the industry group M3AAWG on improving “opportunistic TLS” to mitigate it. Another challenge is bogus routing information published by malicious DNS servers.
Security has been improved, however, by the proliferation of technologies preventing phishing and impersonation, and 94 percent of inbound messages to Gmail use some form of authentication. Researchers also found that 80 percent of outbound messages from Gmail were received by domains supporting TLS encryption, up from 60 percent in 2013.