Google will now name and shame e-mail providers that don’t support encryption

Author: 
Coverage Type: 

Security obsessives will know that although Google has begun encrypting the links between its own servers -- so the National Security Agency can't hack our e-mails as they're traveling across the company's systems -- we risk losing those protections as soon as our messages leave Google's walled garden.

The trouble is that encryption only works if both your e-mail program and your recipient's support it. So if, for example, you're on Gmail, but your friend uses a Comcast.net e-mail address, chances are your messages will show up unencrypted at the other end, because Comcast doesn't have encryption enabled.

Google estimates that up to half of the e-mail sent between Gmail and other sites are not encrypted -- a situation that could be easily fixed with the right investments, according to a Google employee who declined to be named because he wasn't authorized to speak publicly.

"As my engineer colleague said, it's not rocket science — it's elbow grease," the employee said. To draw more attention to the issue, Google intends to start publicly identifying which other companies support e-mail encryption, and which don't, as part of its periodic transparency reports.

The company said that it's creating a new section in the report that explains which domains support Transport Layer Security (TLS) -- the encryption protocol that automatically shields e-mail from prying eyes if both the sender's and the receiver's providers have it switched on. Since December, the share of encrypted e-mails sent from Google to other providers has risen from 30 percent to 65 percent, according to the company.


Google will now name and shame e-mail providers that don’t support encryption Transparency Report: Protecting emails as they travel across the web (Google) Google Offers New Encryption Tool (New York Times)