Seem like good ideas, more of this kind of thing!
Poor old SMTP, got lumbered with being the communication backbone of the planet when it was never designed with security, authentication, etc in mind.
Google's taking some of the user interface techniques it uses to flag insecure Web pages and applying them to email. The plan: to warn users of Gmail on the Web when they receive emails from people who aren't using encrypted connections, or if message authentication fails. The change is outlined on the Gmail blog. While a …
In every single way, yes. The problem is with backward compatibility, you need it to be all or nothing to be effective.
TBH despite Facebook being one of the shittiest user interfaces ever devised, I suspect the closed garden approach to messaging was one of their stronger points - all messages got through, no spam messages got through, and if email had those characteristics their competitive edge would have been reduced.
Most SMTP server certificates are self-signed. You do not know how to trust it. Similarly, most people that happily run secure SMTP servers with self-signed certs will balk at the 200 quid you need to shell to Verisign for a cert which has been marked to allow usage other than web servers multiplied N times your mail relay count.
I suspect that this is nothing but another one of their continuous anti-competitive ploys to move everyone either to Google services or failing that to one of their few remaining cloudy oligopoly "competitors". Same as, for example, deliberately sabotaging greylisting - you have no choice but to run brute force anti-spam using methods that are at no cost to (surprise, surprise) Google if you are to receive mail from them. Same as not implementing delivery failover to v4 MXes if v6 is present - so that if you happen to have v6 you have to have the infrastructure resilience of a small oligopoly to get mail from gmail and so on.
It is just dressed into a security dressing, but so are Facebook track everyone cookies too (according to their EU court depositions).
The type of person open to phishing attacks will blithely skip past the question mark icon, or at best, assume it is part of the mail as the bank wants to ask a question. Nothing less than a dialog box stating something along the lines of "this email might not be coming from the person/organisation in the 'from' field" will suffice. An option in 'preferences' to suppress these messages should be enough to keep the irritation level down in those slightly more aware.
too right.
the only difference this is going to make is to the number of people who phone me up asking me what the question mark next to lots of their emails is.
the people who will currently fall for phishing will still fall for phishing. they never read anything, take advice or think about what they are doing. they sure as shit are not going to understand the message because they won't read it anyway, and even if they do, that part of their brain marked with "AAARGH COMPUTER LANGUAGE - ABORT ABORT" will fire up and they will either call me or ignore it or have some kind of metaphysical dichotomy and their brain will shut down.
the people who currently won't fall for phishing still won't fall for it.
The problem with phishing emails is not that they make any serious effort to look like banks - often they're illiterate - but the lengths banks go to to make their emails look like phishing.
The article doesn't say how gmail recognises whether an email is genuine, but the obvious tool is SPF. Unfortunately, banks and utilities like to send their emails via third parties such as messagelabs.com, without bothering to declare the fact in their SPF records.
Then there's their liking for registering loads of domain names, not just bank.co.uk but bankonline.co.uk, thebank.co.uk, mybank.co.uk and so on.
"the lengths banks go to to make their emails look like phishing."
And thus train their customers to fall for phishing. With a bit of luck this will encourage banks and other businesses which should know better to tighten up their internal procedures. If this means a few marketroids get fired for breaching them it's a double gain.
Apart from the self-signed nature of most TLS certs, there is also a question where exactly Google looks for encryption.
Especially with ISP email there may be multiple relays (typically for spam filtering), and the question is if Google can distinguish between an internal (LAN) transfer which could be unencrypted yet still safe (classic daemon data exchange), and an external transfer which could be in cleartext, but one stage before Google sees it. That will still be visible in the mail headers, but it depends on how Google picks it up if that is flagged correctly.
Do it wrong and you get a false sense of security; do it too correctly and you raise alarms where none are due.
However, using Google should never give you a sense of security anyway - if it does, you clearly have no idea what privacy looks like.
While you are right, anything which names and shames the players who don't use TLS in the hop to/from gmail would be welcome. Use of TLS on that hop doesn't mean that the mail was secure but it at least contributes to making TLS use not suspicious. When we, eventually, have certificate checking as well (using DANE or something else) then TLS may actually start to make a useful contribution to security.
On my personal mail server I already flag all incoming mail which has not been received using TLS. Unfortunately my emails to the senders to complain are invariably ignored.
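As an added illustration of the two comments above (not code from any poster, and not how Gmail does it), this sketch classifies each hop in a message's `Received` chain as TLS, internal cleartext or external cleartext. It assumes the MTAs record the RFC 3848 `with ESMTPS` keywords (a server that notes TLS only in a comment is counted as cleartext) and that the listed private ranges are "internal"; all hostnames and addresses are constructed.

```python
import email
import ipaddress
import re

# "with" keywords meaning the hop used STARTTLS (RFC 3848, RFC 6531).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}
# Assumption: these ranges count as "internal (LAN)" transfers.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "::1/128", "fc00::/7")]

def strip_comments(text):
    """Remove (possibly nested) parenthesised comments, e.g. '(using TLSv1.3 with cipher ...)'."""
    prev = None
    while prev != text:
        prev, text = text, re.sub(r"\([^()]*\)", " ", text)
    return text

def classify_hop(received):
    """Return 'tls', 'internal-cleartext', 'external-cleartext' or 'unknown' for one header value."""
    protos = re.findall(r"\bwith\s+([A-Za-z0-9]+)", strip_comments(received))
    if not protos:
        return "unknown"
    if any(p.upper() in TLS_PROTOCOLS for p in protos):
        return "tls"
    ip_match = re.search(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]", received)
    try:
        ip = ipaddress.ip_address(ip_match.group(1)) if ip_match else None
    except ValueError:
        ip = None
    if ip is not None and any(ip in net for net in INTERNAL_NETS):
        return "internal-cleartext"
    return "external-cleartext"

def classify_chain(raw_message):
    """Classify every hop, newest first. Only headers added by your own servers are
    trustworthy; anything below them was supplied by the sender and can be forged."""
    msg = email.message_from_string(raw_message)
    return [classify_hop(h) for h in msg.get_all("Received", [])]

# Constructed sample: TLS on the final hop, cleartext one stage earlier.
SAMPLE = """\
Received: from relay.isp.example (relay.isp.example [198.51.100.20])
\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
\tby mx.receiver.example (Postfix) with ESMTPS id 4ABCD1 for <bob@receiver.example>
Received: from filter.isp.example (filter.isp.example [10.0.0.5])
\tby relay.isp.example with ESMTP id 3ABCD2
Received: from mail.sender.example (mail.sender.example [203.0.113.7])
\tby filter.isp.example with ESMTP id 2ABCD3
"""
```

Checking only the newest hop would report this message as encrypted, even though it crossed the public network in cleartext one relay earlier.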
The fact that Google does some clever detection should not distract you from the fact that they are reading your email with your permission, and that of the senders without theirs. Google simply wants to make sure that it and its agency associates are the only ones having access to your mail.
This sort of thing really pisses me off. Why the **** would anyone want to start encrypting *everything*? I have a mail server that sends out automated non-sensitive messages (*not* spam), and I foresee lots of pointless dicking about coming up. Consider:
1 - Google is a prime mover behind 'TLS Everywhere';
2 - Google charges for TLS on inbound connections;
3 - Google is behind 'Let's Encrypt', which issues free TLS certificates, which are trivial to get (I have one myself, and I did the whole thing online in a few minutes, with no human intervention);
4 - The Let's Encrypt certificate proves exactly nothing except that I have control of the server for which the certificate was granted (I only had to post stuff on it to get the certificate);
5 - Phishers control their own servers anyway, so can trivially get their own certificates. There is *no* "protection".
6 - If you really want private email, you wouldn't do anything as stupid as attempting to encrypt the connection - you'd encrypt the *email*.
7 - the whole point of SPF records is to make sure that the email came from whoever it claims to have come from, and webmail providers do a good job of SPF validation. This adds exactly nothing.
8 - Conclusion: this is all about Google trying to make money.
The only reason I had to get a certificate was because some pointless retards who run a public, non-sensitive and non-commercial website (i.e. most sites) which I need automated access to decided to take TLS-only connections. Why?
I also run mailing lists where about 30% of recipients have gmail accounts, and another 35% have Microsoft webmail accounts. The emails are opt-in, non-commercial, non-spam, and are SPF- and DKIM-signed. About once a year Microsoft will silently cut off all outlook/live/hotmail/msn recipients, and I have to dick about for a day with some retard at Microsoft to get them re-enabled. I now suggest to new subscribers that they don't use Microsoft accounts. This never happens on gmail, aol, gmx/whatever. If Google starts popping up warnings for recipients who happen to be on gmail, they'll get the same treatment.
The reason to have all email using TLS is to make it normal. Pre-Snowden, all email was in the clear and spooks could just sweep up everything by tapping a few links. You could even, easily, see whether the mail was end-to-end encrypted and, even if it was, the addresses of both sender and receiver. At that time, anything which was encrypted was a red flag that this was likely to be worth looking at.
Over time, much email is now TLS encrypted. It cannot be just swept up "just in case it is useful one day". And it is impossible to see which are the interesting messages, which messages are encrypted, and who they are to and from. To make that stronger, even the most boring messages should be encrypted. I am looking forward to being able to turn off all non-TLS email receiving on my personal servers.
In today's world, encryption isn't about protecting YOUR messages, it is about protecting EVERYONE ELSE'S messages.