On Tuesday, February 9, as part of Safer Internet Day, Gmail announced a new TLS encryption padlock in messages sent and received in Gmail. Our Chief Security Officer, David Campbell, and I collaborated to share our thoughts on the update, below.
Google’s Gmail team has been using their effective spam filtering as a product differentiator, and it’s a winning strategy. They’re now also using security as a product differentiator—which is more and more important in the post-Snowden era. Trust is the foundation of a healthy communication ecosystem.
How SendGrid helps
SendGrid does the heavy lifting to authenticate and securely transmit messages, shielding our customers from a great deal of complexity. Our sender authentication feature makes it easy to configure DKIM and SPF settings so our customers’ mail doesn’t trigger the new “question mark” that Gmail’s UI now displays when authentication checks fail.
SendGrid was one of the first ESPs to deploy opportunistic TLS for all of our customers, way back in mid-2014. We automatically encrypt and protect messages as they flow from our servers to Gmail and Google Apps.
What does this mean for senders and recipients?
We can’t expect consumers to understand or be burdened by implementing and using encryption, so the security industry and technology providers need to take this on. As such, we’re pleased to see Gmail now makes it clear when a message has been sent to or received from an email provider that doesn’t support Transport Layer Security (TLS).
We’re happy that Google has added the aforementioned question mark to their UI that indicates doubt about the source of a message in cases where a message comes from a provider with an invalid SPF record, or arrives without a valid DKIM signature.
These simple UI techniques make this information accessible for the average email user who ordinarily wouldn’t take the time to decipher SPF or DKIM results from email headers. (Note that what Google has deployed is not “end-to-end encryption,” but does provide enhanced visibility into what are often poorly understood security attributes of email messages.)
For more on the announcement, read Gmail’s official post and to learn more about SendGrid and TLS, read a post from SendGrid’s Co-founder, Tim Jenkins: The Myth of Opportunistic TLS and Email Privacy.