Not Sure If That EMail Is Authenticated Or Secure? GMail Will Start Warning You

Google promises the change is subtle.

Google promises the change is subtle.


A solid 25 years into the all-digital era, email continues to evolve. So this week, one of the world’s biggest providers is adding a few small features to help protect consumers.

GMail is giving its millions of users a heads up about two different security practices: encryption and authentication.

The analogy Google decided on for e-mail encryption back in 2014 was about using an envelope vs writing on a post card. Putting your mail in an envelope isn’t a surefire guarantee that nobody will intercept and open it if they’re really determined, they explained, but it does keep the more casual prying eyes out.

The presence or absence of encryption, in and of itself, doesn’t necessarily tell you anything about the safety of a message, its sender, or the content, Google reminds us, but it does tell you how easy it would be for a third party to eavesdrop.

GMail uses an encryption method called TLS and automatically applies it to your email if it can — but the sender or recipient of your message also has to be using it, and that’s where this new feature comes in. When you’re composing or reading an e-mail to someone whose service doesn’t support TLS encryption, you’ll get a little broken lock icon in the upper right hand corner, like so:

Google's illustration highlighting where the lock icon will appear.

Google’s illustration highlighting where the lock icon will appear.

The other warning Google will start giving users has to do with authentication: that is, is the name on the message provably actually the entity that sent the message?

We all get messages from spoofed addresses all the time. Hopefully, most of them go to our spam folders. A lack of authentication doesn’t necessarily guarantee that the sender is an impersonator up to no good, but it does mean the recipient should tread with caution — a yellow light, as it were. To that end, GMail is putting in another subtle reminder: instead of showing the regular avatar or logo that GMail would usually show next to a sender’s name (or even the standard square “blank” avatar it uses when none is specified), it’ll show you a big red question mark.

Again, the question mark isn’t necessarily proof that the message you’re getting is nefarious, but it’s a good marker to make you stop and go over the message more carefully.

Making email safer for you [GMail Blog]