Gmail Security Enhancements

UPDATE 10/06/16: A new version of the Gmail mobile app for android, version 6.9.25 began rolling out today.  This update brings with it a couple of features including one security enhancement.

As launched back back in February on desktop, mobile users will now see similar indicators when emails they receive (or recipients of emails they are sending to) are not using TLS  encryption.

As with the desktop, users will see a red padlock in either situation, either receiving or sending when TLS encryption is not used.

<<<<<END UPDATE>>>>>


In conjunction with Safer Internet Day, Gmail is rolling out a few security enhancements to better protect its users. 

The first of these improvements is a change to the Avatar that appears for emails that come from someone that uses an email service not supporting authentication. Instead of seeing their profile picture, you will see a question mark as their avatar, along with a message saying that Gmail could not verify that the message actually came from that sender. This will be applied to any message that came from an email service that does not pass either of the authentication methods, SPF (Sender Policy Framework) or DKIM (DomainKeys Identified Mail).

In addition to the new avatar, there will also be an indicator showing when a message was received and not encrypted.  If the email received was not encrypted, there will be an image of a broken padlock displayed next to the senders email address as shown below. Similarly, if you send an email to a recipient that does not support encryption, the broken padlock image will be displayed. Clicking on the broken padlock will give you a warning message showing what recipient does not support encryption and that you should consider removing the recipient if the message contains sensitive information.

You can read more about How Encryption Works here.  These changes will be web and Gmail only, not on mobile or Inbox by Gmail at this time. 



Read the full announcement from Gmail here.