2016/02/22 by Jérôme Gays.
Gmail’s wide deployment of TLS
When talking about authentication and encryption technologies —such are SPF, DKIM, DMARC—, Gmail has always been at the cutting edge of the topic. After having implemented Google Postmaster (read our related article), it is therefore possible to monitor the percentage of Google’s outgoing and incoming emails TLS encrypted or not.
Announced by Google last week, this topic concerns directly TLS. Let’s not forget that TLS (Transport Layer Security) is the successor of SSL (Secure Sockets Layer). TLS ensures the veracity, confidentiality and content integrity of all the exchanged data through the network. When 2-email servers communicate between them through this protocol, it becomes possible to exploit this technology to get safer email exchanges.
VISUAL AIDS FOR USERS.
Gmail deploys TLS as of several years from now. However, the huge change comes from the fact that Google highlights the lack of this technologies. Indeed, when incoming emails get into Google’s webmail without being authenticated by TLS, these emails are red-chained displayed to the user.
In the same way, if a user is trying to send an email to a non-TLS domain, he will then be alerted by the same visual displays.
ADOPTING TLS AS THE ENCRYPTION PROCESS.
Through these enhancements, Google manifests its will to boost TLS deployment for all email exchanges. Visual aids should encourage advertisers — who are not yet encrypting their emails — to do so by fear of thrust decrease on customer and prospects.
KEEP ON HIGHLIGHTING SPF AND DKIM AUTHENTICATION PROCEDURES.
The other big enhancement implemented by Google is the modification of the sender’s icon when experimenting email-authentication issues (using SPF and DKIM). On the other hand, given the stringent policy applied by Gmail regarding authentication matters, it is quite rare to bump into this icon with a question mark, since emails who fail authentication end up quickly in the spam folder.
DELIVERNOW MIGRATING ALL CLIENTS TO TLS.
Having acknowledged these measures, DeliverNow started as of several weeks ago the migration to TLS of all its PowerMTA clients in order to render their emails completely TLS-friendly. Feel free to contact us if you want some hand-in-hand advice regarding this topic.