Always and Forever: HTTPS Encryption for Gmail



No love has been lost for the National Security Agency after it was revealed that it was intercepting data between servers and computers, and the revelation has drawn a strong response from Google. On March 20th, Google posted that it will always use an encrypted HTTPS connection whenever users check their mail. This move ensures that no one, not even the NSA, can listen in or read user messages as they move through Gmail’s servers.

HTTPS encryption has been offered by Google since Gmail launched and was enabled by default in 2010. However, users had the ability to disable it. Today, “always on” HTTPS encryption ensures (to the best of Google’s ability) complete privacy and safety of your messages, touting 99.978% uptime as a prime security measure against prying eyes.

Beyond the behind-the-scenes action, Google recommends a series of security measures that the user can take to help secure their messages. You can find the full Gmail security checklist here. But for starters, here’s an overview:

  • Create multiple, strong passwords. Use long passwords that consist of numbers, mixed-case letters, and symbols.
  • Sign out. Always sign out of your account, particularly when using public computers, and shut down your browser. Also, lock your screen for added security. This is a best practice in general, not just for email.
  • Monitor your activity. Check for suspicious activity by clicking on the “details” link at the bottom of any Gmail page to see where your mail was accessed from by IP address. Also look for missing messages or unfamiliar messages sent from your account. If anything looks strange, change your password and log out of your account. You can learn more about suspicious activity here.
  • Check your settings. Review your settings to ensure your information is up-to-date and valid including “from” addresses, vacation responders, signature lines, and the like. Also, remove any unwanted accounts in your POP settings and check your filters, deleting ones that are no longer useful.
  • Check for malware. Run antivirus scans, ensure your operating system is up to date, and make sure you have the most up-to-date versions of your software. This also includes ensuring that you have the latest version of your browser.
  • Enable 2-Step verification. This requires that you log in with your password and a verification code that is sent to your mobile phone. But don’t forget to set up additional recovery options in case you don’t have your phone or don’t have access to it.
  • Avoid suspicious messages. Don’t respond to any messages that ask for personal information, are from unfamiliar contacts, or from familiar contacts urgently asking you to take a specific action. Sometimes, even a simple link that looks like it comes from a friend could be nefarious, so use your best judgment before clicking.
  • Use secure networks. WiFi allows you to connect from anywhere, but it also serves as a gateway to your device if you access the internet over an unsecured connection. Therefore, secure your home networks, preferably with a WPA2 setting, and avoid banking and shopping over unsecured networks. As stated above, Google has encrypted your email so that interlopers can’t peek in on your private business, but you can’t be sure what is happening elsewhere so be cautious.

For more detail on Google’s security recommendations, view their checklist and walk through each step.


Carly Brantz is a veteran in the email deliverability space working to make email simple and easy for developers by regularly writing whitepapers, research briefs and blog posts about email, technology and industry trends.
