Jump to content

Search the Community

Showing results for tags 'gmail'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

Found 46 results

  1. Gmail becomes first major email provider to support MTA-STS and TLS Reporting Google rolled out MTA-STS and TLS Reporting support for Gmail servers today, April 10, 2019. Google announced today that Gmail has become the first major email provider to support two new security standards, namely MTA-STS and TLS Reporting. Both are extensions to the Simple Mail Transfer Protocol (SMTP), the protocol through which all emails are sent today. The purpose of MTA-STS and TLS Reporting is to help email providers establish cryptographically secure connections between each other, with the main goal of twarthing SMTP man-in-the-middle attacks. SMTP man-in-the-middle attacks are a major problem for today's email landscape, where rogue email server operators can intercept, read, and modify the contents of people's emails. The two new standards will prevent this by allowing legitimate email providers to create a secure channel for exchanging emails. WHAT'S MTA-STS AND TLS REPORTING? For example, SMTP MTA Strict Transport Security (MTA-STS) works by allowing email server admins to set up an MTA-STS policy on their server. This policy allows a legitimate provider to request that external email servers verify the security of a SMTP connections before sending any emails. Minimum requirements, such as forcing external email servers to authenticate with a valid public certificate encrypted with TLS 1.2 or higher, can be enforced, depending on preferenes, ensuring that emails sent to a company's server travel through an obligatory and properly encrypted channel --or they don't arrive at all. In addition, the TLS Reporting SMTP extension sets up a reporting mechanism through which a legitimate email server can request daily reports from other email servers about the success or failure of emails that have been sent to the legitimate server's domain. Both, when combined, will either prevent or help email server admins identify SMTP man-in-the-middle attacks against their email traffic. GOOGLE, MICROSOFT, YAHOO WORKED ON PROTOCOLS FOR YEARS While Google was the first email provider to roll out MTA-STS and TLS Reporting today, others are expected to follow, with Microsoft, Comcast, and Yahoo in the driver's seat, as all three worked with Google enginers to standardize the two SMTP security extensions at the Internet Engineering Task Force (IETF) --the organization that approves internet standards. And yes, both are IETF-approved standards already. MTA-STS is IETF standard RFC 8461, while SMTP TLS Reporting is RFC 8460. For now, Gmail servers are the only ones supporting these two new standards, which will become truly effective when other email providers join in and create a mesh of properly-encrypted connections between all email servers worldwide. Source
  2. How to enable and use Gmail’s AI-powered Smart Reply and Smart Compose tools Time-saving tools for writing on the go Photo by Amelia Holowaty Krales / The Verge Leading up to Gmail’s 15th birthday this week, Google has been adding a lot of productivity and machine learning tools to its email service. (It may also be trying to make up for the disappearance of its Inbox email app, but that’s an argument for another day.) New additions this week include a way for Gmail to write email subject lines for you and schedule an email to send at a later time. Compounded with a redesign that launched last year for desktop and earlier this year on the mobile app, it can be a little confusing to navigate some of Gmail’s newer features. In this tutorial, we’re going to focus on Gmail’s auto-completion tools like Smart Reply and Smart Compose, which are designed to help you save time. Letting a machine help write emails and subject lines for you can feel a bit unusual, but if you’re open to at least trying it out for yourself, here are the ways to automate your Gmail responses. ENABLING SMART REPLY AND SMART COMPOSE To allow Gmail to generate responses and email text, you first have to opt in from your Settings menu. If you are a regular Gmail user (instead of G Suite enterprise edition), here’s what to do: ON DESKTOP Click on the gear icon on the upper right side and find the Settings page. Scroll down to Smart Reply and Smart Compose and choose “On” for either or both to enable the automated suggestions. You can also choose to allow Gmail’s machine learning to personalize the suggestions based on the way you write your emails. For example, if you greet your colleagues with “Hi, team” versus “Hello, everyone,” it will automate to whatever you use most often. ON THE ANDROID OR IOS APP Tap the hamburger icon on the upper left side to open the side drawer. If you have multiple Gmail accounts tied to the app, select the one you want to address. Scroll down to Settings, and tap the checkbox on Smart Reply and / or Smart Compose to toggle the mode on. (Smart Compose is only offered on Android at this time.) If you use G Suite, you may notice that the option to toggle on Smart Compose is not available. Your G Suite admin must enable this for the organization, so contact the person in charge if you’d like to test this out at work. Once the settings are turned on, your Gmail is set up to suggest replies and help auto-finish sentences based on your writing style. WHAT IT LOOKS LIKE My colleague Dani has a Smart Compose-specific tutorial for writing emails, but basically, you just start typing, and Gmail will begin suggesting words that might fit the sentence you’re writing. Be aware that it won’t always come on for every email you write. Because Gmail needs context, you’ll likely find Smart Compose chiming in when you’re responding to an email or if you’re starting emails with some generic statements like “Nice to meet you” or “Hope you’re well.” If Gmail has a suggestion, an opaque set of text will appear next to what you’re typing. On the desktop version of Gmail, you can press tab to accept the suggestion. On the mobile app, if a suggested word or phrase appears, swipe right to add it to the email. New for G Suite customers is the ability for Smart Compose to also suggest email subjects. Gmail just began rolling this out to customers on April 4th, with a wider release to come on April 23rd. To start using this right away, your G Suite admin must allow users to receive an update on the Rapid Release track to give the new feature a try. Once enabled, it works just like regular Smart Compose. Leave the subject line blank, and start writing your email. Once you go back to fill out the subject line, Gmail will offer a suggestion that you can accept by pressing tab on the desktop app or swipe right on mobile. SMART REPLY FOR CANNED RESPONSES Smart Reply works a little faster than Smart Compose. Instead of suggesting words or short phrases for you, Gmail will offer three responses that might suit the email you’ve received. For example, if you’ve gotten an email reminding you of an appointment, Smart Reply may suggest responses like “Confirmed,” “Thanks,” or “I can’t make it.” Tapping these responses will not send the email right away. You can add more text to the suggested answer before choosing to send it. If you are in an email conversation with several people, be aware that responding with a Smart Reply will CC everyone on that email. You’ll have to manually remove the people you don’t want in that response, so it’s best to only choose Smart Reply for emails you mean to send to everyone in the thread. SHOULD YOU ACTUALLY USE IT? Choosing to let a machine write your emails may feel impersonal, but it’s not designed to write the whole email for you. Smart Compose and Smart Reply work best when you use them to add filler sentences or quickly respond to yes or no emails. Plus, Gmail has gotten a lot better at suggesting responses that will make sense 90 percent of the time. (In my experience, the responses tend to veer toward affirmative answers, so they may not work best if you’re less prone to agreeing to everything.) Besides, if you give this a go and find that you’d rather type your own answers, just go back to Settings and toggle those features off. Source
  3. When it comes to email, calendar and contacts, Microsoft Outlook has long ruled the roost, but Google's G Suite combo of Gmail, Google Calendar and Google Contacts is worth a second look. Thinkstock / Google / Microsoft Some people will tell you that social media, chat platforms and videoconferencing have replaced email as the most important means of communication in the workplace. Don’t believe them. Email remains the lifeblood of business and will do so into the foreseeable future. When it comes to email in the business world, there are two main products to consider: Microsoft Outlook and Google’s Gmail. Outlook has long been the standby in the workplace, but Gmail has been growing in popularity. Each has changed significantly over the years and continues to change. Because of that, you and your company may want to reconsider which you use for work today. To help you decide which is best for you, I’ve put them both through their paces. I’ve examined their basic interfaces; how you create, read and respond to messages; and the options for managing email. I’ve also compared Outlook’s calendaring functions to Gmail’s companion, Google Calendar, and Outlook’s contacts capabilities to Google Contacts. For this review I primarily worked using the desktop version of Outlook for Windows that is part of Microsoft Office 365, and I worked with Gmail in a web browser, naturally. However, it’s a multiplatform world, so I also tested both Gmail’s and Outlook’s mobile apps, the Outlook for Mac desktop client, and the web version of Outlook. Before we begin, a few notes about price. Gmail is part of Google’s licensed G Suite package for businesses, and it’s free for individual use. Microsoft Outlook is available as part of Microsoft Office, which has a variety of different iterations for personal or business use, and is available as either an annual subscription or a one-time purchase. Individuals can use the online version of Outlook for free, but its functionality isn’t as robust as the desktop client's. With all that in mind, let’s get started. <snip> Poster's note: This is a long, comprehensive and detailed multi-page article. Please visit the link below to view the full article. Poster's note 2: Sorry didn't realise, free registration required to view the rest. Source: Outlook vs. Gmail: Which works better for business? (Computerworld - Preston Gralla)
  4. New Gmail feature will let you easily schedule emails Google’s e-mail service Gmail has turned 15 and to celebrate the tech giant has introduced a handy new feature. Users can now schedule emails to send at a particular time within Gmail. “Just write your email as you normally would, then schedule it to arrive in your recipient’s inbox at a later date and time,” Google said in a blog post. Here’s how to do it: First you’ll need to actually wait for the feature to roll out fully which should happen in the coming days. Google said it started rolling out the feature on Monday but it could take up to a couple weeks to reach everyone. You don’t have to install any software upgrades to get new features in G Suite. Instead, features appear in users' accounts automatically. Once you’ve got the update, when it comes to hitting send on an e-mail, you will notice that you can click on a little arrow on the right side of the blue “Send” button and then hit “Schedule send”. In the mobile app, tap the three dots in the top right corner to bring up the menu which allows you to schedule messages. From there, you just choose the date and time you want it to drop into the recipient’s inbox. Scheduled messages will appear in a “Scheduled” folder while queued to be sent. For some reason, Google thinks this has something to do with respecting people’s digital wellness but at any rate, it’s a welcome feature. Until now, you had to rely on third-party Chrome extensions to schedule your messages or compose an email in draft mode and then go in a hit send at the desired time. But now you’ll be able to more easily schedule emails to be sent at any time of day or night. The company has also improved its Smart Compose technology that guesses what we want to write and pre-empts us with suggestions to speed the whole thing up. Google says it has made the technology work to be more personalised to the user and their writing style. So hopefully Google can figure out that I am far less liberal with my exclamation marks than it seems to be. On mobile, Google is also bringing Smart Compose to Android and iOS, no longer making it exclusive to its own Pixel 3 smartphone. Source
  5. Google announced recently that an update of Gmail's right-click menu functionality will land in February 2019. Gmail's right-click menu is not particularly useful at this point in time as it provides only a handful of options. Right now, the only options provided are delete, archive, mark as unread, and move to tab. Gmail users have to select emails and wait for other options to appear at the top of the screen to activate them. Often used actions such as reply or forward, snooze or label, are found there only. Google announced the change on the G Suite Updates blog. The update will roll out to all G Suite Gmail users and will be enabled by default. No word on whether it will land for free Gmail users as well but it seems likely that this is going to happen. Gmail: improved right-click menu Gmail users who right-click on an email may make use of the following functionality once the update has reached their account: Reply to the right-clicked email. Forward the email. Snooze the email. Mute the conversation. Add a label. Move the email. Use search to find emails by the contact. Use search to find emails with the subject. Open emails in new windows. Gmail users can open the context menu using a right-click, the Menu-key on Windows keyboards, or Ctrl-click on Mac OS X devices. The rollout has started already. Google plans to roll out the change to all G Suite users until February 26, 2019. Many features that land for G Suite customers are implemented for free users as well eventually, and usually in a short period. Closing Words It is about time that Google makes the right-click menu more useful on Gmail. The current options are not thought out well in my opinion. Once the change lands, it is possible to use often used actions such as reply directly from the list of emails; something that has not been possible before using the user interface, if I'm not mistaken. Source: Google finally making Gmail's right-click menu more useful (gHacks - Martin Brinkmann)
  6. You might not suffer from Inbox withdrawal for much longer. Google has assuaged Inbox fans by incorporating some of the defunct app'sfeatures into Gmail, but some of the best additions might still be on the horizon. Reddit user moodio shared an apparent leakshowing a test version of Gmail for Android with reminders, pinned messages and category bundles (which help you deal with multiple messages at once). You might even see a quick "mark all as read" button so that you don't have to methodically select every message. Moodio stressed that this was "very early," and that there were "different design iterations" in progress. It might not resemble exactly what you see below, no matter how accurate the leak might be. It lines up with Google's strategy of reintroducing Inbox features, though, and would be well-timed when the I/O conference takes place in May. If you're still suffering from Inbox withdrawal, you might get your fix relatively soon. Source
  7. Google is pushing a big redesign to the mobile Gmail app on Android and iOS. The update was announced yesterday, and after spending some time with the new app, we're going to comb through the finer details and see what has changed between New Gmail and Old Gmail. For now the release is only out on Android, but like the old Gmail design, it should look identical on iOS. If you're on Android, you want Gmail version 9.x (the old design is Gmail 8). If the Play Store isn't serving you the update and you're into sideloading, APKMirror has a safe download. The iOS version is still wending its way through the App Store approval process and should be out sometime this week. The new design is a good match for the new desktop Gmail design that came out in April, along with all the other apps using the "Google Material Theme" design language. Everything is really white—an homage to the Google homepage—and everything uses rounded corners. The horizontal line dividers are gone, leaving nothing but white space to separate your messages. Control iconography is changed to Google's new outline style, and while message text remains in the Roboto font, everything else now uses Product Sans (the same typeface as the Google logo). When you first enter the inbox, it's hard to miss the death of the big red header at the top. Instead of a red action bar, the new Gmail design uses a white search bar across the top of the app. Search is certainly promoted more with this new design, but getting to it isn't any faster. When it was a magnifying glass icon on the old Gmail design, it was a tap away; with the huge search bar, it's still a tap away. The search bar does look better than the mostly blank action bar that was used before. The side navigation panel is still a tap away via the left "hamburger" button inside the search bar, or you can still swipe in from the side to open it. The one new feature in the header, then, is the new account switcher, which exists on the right side of the search bar as your profile picture. Tapping on it pops up a window with all of your other accounts. Assuming you have unique profile pictures across your accounts, the profile picture display makes it easy to tell which account you're using from the Inbox view—something that wasn't possible on the old version of Gmail. Like most other Google apps, there's no permanent "Gmail" logo on the main screen anywhere. Sometimes, though, the search bar help text will go away and a fun "Gmail" logo animation will play inside the search bar. This seems to only happen when you open the inbox, and even then it only happens once every few minutes. It's a fun little touch when you catch it happening. The floating round compose button returns to the bottom-right corner of the screen, but instead of a pen icon on a red background, it's now a multi-coloured plus icon on a white background. The pen screamed "Compose a new email," but the new plus icon seems like a less-obvious indicator. Desktop Gmail sticks a loud, obvious "Compose" text label next to the plus icon by default, which helps a lot. Like the new desktop Gmail, by default the new mobile Gmail is very upfront about attachments to your messages. Instead of the usual paper clip icon, direct links to the first few attachments will appear in the inbox, right under the message preview text. Inbox densities: Gmail's one new feature Google has a few introductory pop-ups for users opening the new Gmail for the first time. After the welcome message, you'll be presented with a setting for Gmail's single new feature: Inbox densities. Just like on the desktop version of Gmail, you can now switch between "Default," "Comfortable," and "Compact" display modes for your inbox messages. The "Default" view is the biggest and shows contact icons, a line of preview text, and a row for the new attachment buttons. "Comfortable" kills the attachment row, and "Compact" additionally removes the preview text line and contact pictures. This can make a big difference in terms of number of messages on-screen. On a OnePlus 6, you'll get about 13 messages on-screen in "Compact" mode, while "Default" mode will show six complete messages per screen if every message has attachments. The rest of the UI is pretty much what you would expect. Gmail is getting a new coat of white paint, but mostly everything is where you would expect it to be. It's kind of disappointing to still see all the controls in the same spots. Along with this new Material Design rollout, Google has experimented with templates that put all the controls at the bottom of the phone. As devices continually get bigger and taller, bottom controls seem like a really good idea. For now it's the same old Gmail, just white. And speaking of the proliferation of lightness, this new Gmail doesn't have a dark mode. Lots of other Google apps are getting a dark mode, and it's expected to be a focus of Android Q. Hopefully Gmail gets a dark mode soon. Posters note: The above images are the first in slideshows. Please visit the link below to see the other slideshow images. Source: Hands-on with the new Gmail for Android (and iOS) (Ars Technica)
  8. WASHINGTON/SAN FRANCISCO (Reuters) - Alphabet Inc’s Google gave details about its policies for third-party Gmail add-ons but stopped short of fully addressing questions from U.S. senators about developers who break its email-scanning rules. How user data flows between big technology platforms such as Google and Facebook Inc and their partners has faced scrutiny around the world this year since Facebook revealed it had done little to monitor such relationships. Google said in a letter to U.S. senators made public on Thursday that it relies on automated scans and reports from security researchers to monitor add-ons after launch, but did not respond to lawmakers’ request to say how many have been caught violating the company’s policies. Senators may seek further clarity on Gmail’s operations at a Commerce Committee hearing about privacy practices scheduled for Sept. 26 with officials from Google, Apple Inc, AT&T Inc and Twitter Inc. Google did not immediately respond to a request for comment. Gmail users must give their consent to activate extensions, which can help them send emails on a time delay, get price-match rebates from retailers and remove unwanted mailing lists. Under Google’s policies, software firms that create these add-ons must inform users about how they collect and share Gmail data . The lawmakers’ inquiry came after the Wall Street Journal reported in July that some add-on makers did not make clear to users that their employees could review Gmail messages and that their data could be shared with additional parties. Software experts told Reuters in March that auditing of apps that interact with Gmail, Facebook and other services is lax. To be sure, sharing with a fourth party is essential to the functioning of some add-ons. For instance, a trip-planning app may scan a users’ email for upcoming flight details and then use the data to query an airline for updated departure information. Google told senators it has suspended apps due to “a lack of transparency to users,” without identifying violators or when enforcement actions took place. Gmail, used by 1.4 billion people, is not the only Google service drawing lawmaker questions about oversight. House lawmakers asked Google in a separate letter in July whether smartphones with its voice assistant tool can or do collect so-called “non-triggered” audio in order to recognize phrases like “Okay Google” that activate voice controls. The lawmakers cited media reports and said there had been suggestions that third-party applications have access to and use this non-triggered data without disclosure to users. Source
  9. Email makes it easy to share information with just about anyone—friends, colleagues and family—but drafting a message can take some time. Last year, we introduced Smart Reply in Gmail to help you quickly reply to incoming emails. Today, we're announcing Smart Compose, a new feature powered by artificial intelligence, to help you draft emails from scratch, faster. Draft emails quickly with confidence From your greeting to your closing (and common phrases in between), Smart Compose suggests complete sentences in your emails so that you can draft them with ease. Because it operates in the background, you can write an email like you normally would, and Smart Compose will offer suggestions as you type. When you see a suggestion that you like, click the “tab” button to use it. Smart Compose helps save you time by cutting back on repetitive writing, while reducing the chance of spelling and grammatical errors. It can even suggest relevant contextual phrases. For example, if it's Friday it may suggest "Have a great weekend!" as a closing phrase. Get started Over the next few weeks, Smart Compose will appear in the new Gmail for consumers, and will be made available for G Suite customers in the workplace in the coming months. To get started, make sure you’ve enabled the new Gmail by going to Settings > “Try the new Gmail.” Next, go to the general tab in your settings, scroll down and enable “experimental access.” If you want to switch back, you can always uncheck the box. < Here >
  10. It’s all business Google unveiled a new Gmail design this week, overhauling its free email service with new features and a fresh look. Beyond the new design, smart replies, and email snooze features that regular Gmail users will enjoy, Google is adding in some smart business-focused features designed to improve productivity, security, and manage the sharing of emails. These are the types of features you’d usually find in rival software like Microsoft’s Outlook app that a lot of big businesses use for workplace emails. Microsoft dominates workplace productivity software, and Google has been a distant second with its G Suite offering for years. Google obviously wants that to change. There’s a new confidential mode for setting expiration dates on emails, for example, and you can even block recipients from forwarding, copying, downloading, or printing particular messages. It’s the same information rights management (IRM) that Microsoft originally introduced in Outlook back in 2007. Google is also adding improved email phishing detection, two-factor authentication to protect emails, and even the ability to use a more robust offline mode so travelling business users can simply use their regular Gmail tab in a browser without having to worry about connectivity. The biggest visual changes are also aimed at improving productivity for business users in Gmail. There’s a new sidebar which means you can look at calendar appointments side-by-side with emails, and even new quick hover buttons to delete or archive messages without needing to open them. I’ve been using the new Gmail and a lot of these new features remind me of Outlook, which is only a good thing. Outlook has always kept mail, calendar, contacts, and tasks within a single app, and cleverly surfaced these when you’re trying to create a calendar appointment, or find someone’s number in a corporate directory. It’s one of the reasons I still use Outlook for iOS, because it keeps your calendar information, contacts, and email all within a single place instead of having to jump in and out of apps. Google’s new sidebar in Gmail feels like a first big step towards better integration of mail, calendar, tasks, and contacts within Gmail. Consumers will enjoy it, and business users will find it really useful for scheduling meetings or managing tasks. Likewise, the security features will be used primarily by businesses to make emails self-destruct, or to avoid simple human errors where emails go to the wrong person. All of these features are designed to get more businesses to seriously consider G Suite. Google has 4 million businesses paying for G Suite right now, compared to 120 million Office 365 commercial users. That’s double what Google had a few years ago, but Microsoft is still managing to dominate with Office 365. Microsoft even has 29.2 million consumers paying for Office 365, and it generates more revenue from Office 365 commercial subscriptions than regular standalone copies of Office. Google can clearly see Microsoft is outpacing its own growth in this area, and this latest Gmail update is an early response. Microsoft is aiming to get two-thirds of its Office business customers over to the cloud (from standalone Exchange and Outlook) over the next 15 months so Google has a major battle ahead for big business. It’s not going to be quick or easy, but Google does have some important advantages over Microsoft. 1.4 billion people are using Gmail, compared to 400 million on Microsoft’s Outlook.com service. Google’s G Suite also dominates in education in the US, alongside Chromebooks, and it has made some impressive inroads in small businesses. Google also has the obvious advantage of its Android platform without Microsoft’s hefty legacy support issues, and of being web-first with its products. All of these advantages should make it easier for Google to entice the next generation of workers and businesses over to G Suite. Google might never fully catch Microsoft in enterprise and big business, but that doesn’t really matter. This latest battle is good news for all users of Office 365 or G Suite. It’s the competition that has forced Microsoft to make some changes to Office 365 and Outlook.com to improve its own software and services. Likewise, Google is now improving its own products for businesses. Everyone wins when there’s solid competition, and the war between G Suite and Office 365 is definitely getting a whole lot more interesting. < Here >
  11. Google is currently dealing with one of the more bizarre cases of email spam we've seen. Gmail users with completely secure accounts are discovering spam messages in their sent folders. They didn't send these emails and have no idea how they got there. As Mashable reports, the emails listed in the sent folder are your typical spam messages offering loans, weight loss solutions, and growth supplements for men. The discovery of the emails led some users to change their Gmail account passwords. But others confirmed two-factor authorization was still active and working on their account, so they turned to Google's Help Forum. It turns out Gmail users have nothing to worry about and their accounts remain secure. Google explained that this is indeed a spam campaign, but the messages appearing in sent folders were never sent from the accounts. In a statement, Google explained that, "This attempt involved forged email headers that made it appear as if users were receiving emails from themselves, which also led to those messages erroneously appearing in the Sent folder." Each email looks as though it was sent to around 10 recipients, none of which are known to affected users. Many of the messages are also being sent via telus.com, but the Canadian telecom company confirmed none of the messages are being generated by Telus or sent via Telus' servers. Google insists only a small subset of users are affected, and it is working to ensure all the rogue emails are reclassified as spam. < Here >
  12. In just a few weeks’ time, Gmail for web might look quite a bit different. G Suite users today were alerted to an incoming Gmail redesign that promises to have a few new features in tow. While we don’t know what the redesign will look like yet, it has the potential to be pretty big, as the web version of Gmail has looked more or less the same for a while now. Google announced the incoming redesign in an email to G Suite subscribers, which The Verge managed to get a copy of. The redesign will launch first in G Suite’s Early Adopter Program, eventually becoming available to those with a personal Gmail account as well. Google took the time to outline some of the new features that will be coming along with this redesign, and even though the list is fairly short, it paints an exciting picture for someone who’s bored with Gmail’s current look. For starters, Google promises a “fresh, clean look for Gmail on the web” that offers easy access to G Suite apps like Google Calendar from within the email interface itself. We’ll also see smart reply make its way to web, which has been a feature available in the mobile version of Gmail for a while. Users will also be able to snooze emails so they’ll reappear at a later time, and Google is planning offline support as well, though it sounds like it won’t launch until after the redesign is in place. Aside from those teasers, though, there isn’t much else to report, so we’re free to let our imaginations run wild. Google did confirm to The Verge that a redesign is indeed on the way, but said that it’ll be a little while longer before it’ll be ready to share more. So, for now, we wait. We’ll keep an ear to the ground for more, but while we wait, head down to the comments section and let us know your thoughts about a Gmail redesign – does the service need one, or should Google leave things the way they are? source
  13. dabourzannan

    Disappearing mail messages

    About two weeks ago, I started to see message in my gmail inbox that does not look suspicious, but as I do not open mails from someone, I do not know I mark such mails and delete them. Those mails once I mark them they totally disappear not in deleted not in junk nowhere to be found. I sure this must be malicious and will continue not to open any mail like this, but I need to understand what that could be. Would appreciate if someone help me.
  14. According to a new blog post on Google's blog, Google will soon stop scanning emails on its Gmail email service for advertisement purposes. Gmail scans user emails on Gmail for a variety of purposes. These include to make sure that they don't contain spam or malware, but also to use the information for advertising purposes. Privacy advocates have criticized Google for the practice, and Microsoft never failed to mention the fact and even used it in the company's infamous Scroogled advertisement campaign. Google uses the information that it gains from the scans, and information that it has about the user from other sources, to display targeted advertisement to the user. Google states that in Gmail's Terms of Service: Our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored. Google's Diane Greene, SVP Google Cloud, announced the change in a new blog post on the official Google blog on June 23, 2017. G Suite’s Gmail is already not used as input for ads personalization, and Google has decided to follow suit later this year in our free consumer Gmail service. Consumer Gmail content will not be used or scanned for any ads personalization after this change. This decision brings Gmail ads in line with how we personalize ads for other Google products The decision was not made by Google's ad division, but by the company's Cloud division. The rationale behind the decision is that Google's Cloud division believes that organizations may not use Google's services because of the privacy implications that go along with scanning emails for advertisement purposes. Google's G Suite never displayed email scanning advertisement to users of the service, but Google believes that company decision makers may still have been confused by it. The outcome is positive for users of the free Gmail service: Google plans to stop scanning Gmail emails for advertisement purposes. This does not mean that the free Gmail won't show advertisement. The ad selection process however will use other available sources of information to display ads to users on Gmail, for instance from searches or from YouTube activity. Google is playing catch-up to Amazon and Microsoft when it comes to Enterprise cloud services. Revenue of the company's cloud division is on the rise; G Suite has more than 3 million users as of June 2017, and usage has doubled in the past year among large business customers according to the announcement. Source: Google won’t read Gmail emails anymore for advertisement(Ghacks)
  15. Security researchers have exposed a sophisticated hacking and disinformation campaign that targeted more than 200 Gmail users. Russian government hackers seem to have figured out that sometimes the best way to hack into people's Gmail accounts is be to abuse Google's own services. On Thursday, researchers exposed a massive Russian espionage and disinformation campaign using emails designed to trick users into giving up their passwords, a technique that's known as phishing. The hackers targeted more than 200 victims, including, among others, journalists and activists critical of the Russian government, as well as people affiliated with the Ukrainian military, and high-ranking officials in energy companies around the world, according to a new report. Researchers at the Citizen Lab, a digital rights research group at the University of Toronto's Munk School of Global Affairs, were able to identify all these victims following clues left in two phishing emails sent to David Satter, an American journalist and academic who's written Soviet and modern Russia, and who has been banned from the country in 2014. On October 7, Satter received a phishing email designed to look like it was coming from Google, claiming someone had stolen his password and that he should change it right away. As with seen with other phishing attacks targeting people affiliated with the Hillary Clinton campaign that led to the DNC leaks of last year, the email, however, didn't come from Google. It was actually from a group of hackers known as Fancy Bear, or APT28, whom many believe work for Russia's military intelligence, the GRU. A screenshot of the phishing email received The "Change Password" button linked to a short URL from the Tiny.cc link shortener service, a Bitly competitor. But the hackers cleverly disguised it as a legitimate link by using Google's Accelerated Mobile Pages, or AMP. This is a service hosted by the internet giant that was originally designed to speed up web pages on mobile, especially for publishers. In practice, it works by creating a copy of a website's page on Google's servers, but it also acts as an open redirect. According to Citizen Lab researchers, the hackers used Google AMP to trick the targets into thinking the email really came from Google. "It's a percentage game, you may not get every person you phish but you'll get a percentage," John Scott-Railton, a senior researcher at Citizen Lab, told Motherboard. So if the victim had quickly hovered over the button to inspect the link, they would have seen a URL that starts with google.com/amp, which seems safe, and it's followed by a Tiny.cc URL, which the user might not have noticed. (For example: https://www.google[.]com/amp/tiny.cc/63q6iy) Using Google's own redirect service was also perhaps also a way to get the phishing email past Gmail's automated filters against spam and malicious messages. "It's a percentage game, you may not get every person you phish but you'll get a percentage." According to Citizen Lab, who doesn't directly point the finger at Fancy Bear, the email was actually sent by annaablony[@]mail.com. That address was used in 2015 by Fancy Bear to register a domain, according to security firm ThreatConnect. And another domain used in the October attacks exposed by Citizen Lab was also previously linked to Fancy Bear, according to SecureWorks, which tracked the phishing campaign against the DNC and the Clinton campaign. Curiously, the email targeting Satter came just a few days before Google warned some Russian journalists and activists that "government-backed attackers" were trying to hack them using malicious Tiny.cc links. A screenshot of a phishing email received Now we know that in October of 2016, when the hackers targeted Satter and at least 200 other people, the trick of using Google AMP was working, and Google hadn't blocked it. Google has previously dismissed concerns about open redirectors, arguing that "a small number of properly monitored redirectors offers fairly clear benefits and poses very little practical risk." On Thursday, a company spokesperson said that this is a known issue and last year some Google AMP URLs started showing a warning if the company's systems are uncertain whether the link is safe to visit, such as this. But for some security researchers, they are dangerous. "The AMP service's behavior as an open redirect for desktop browsers was clearly abused in this situation and is also just trivial to abuse in general," Nicholas Weaver, a senior researcher at the International Computer Science Institute at UC Berkeley, told Motherboard in an email. "There is undoubtedly some engineering tradeoff I'm not seeing that causes them to maintain it." Google's redirectors might not be the only part of Google's infrastructure that Fancy Bear hackers have been taking advantage of. Citizen Lab researchers found a Tiny.cc URL that targeted an email address—myprimaryreger[@]gmail.com—that other security researchers suspect was used by Fancy Bear to test their own attacks. A screenshot of the Google Plus page of "myprimaryreger[@]gmail.com," an account researchers believe was controlled That address had a Google Plus page filled with images that appear in real, legitimate Gmail security alerts. It's unclear what the hackers used these for, or if they used them at all. But the researchers said that perhaps the hackers were embedding them in phishing emails, and the fact that they were hosted on Google Plus perhaps helped thwart Gmail's security controls. The Fancy Bear hackers are known to use popular services like URL shorteners in their high-profile hacking operations. And, sometimes, those URL shorteners betray them and end up revealing who they targeted. Between March 2015 and May 2016, as part of their operation to hack Clinton's campaign chairman John Podesta, and former National Security Advisor Colin Powell, the hackers targeted more than 6,000 people with more than 19,000 phishing links. Some of those used Bitly URLs that, as it turned out, could be decoded to figure out who they were intended to. An analysis of the Bitly link used to phish John Podesta Similarly, in this case Citizen Lab researchers were able to identify the victims by figuring out that there was a pattern behind how Tiny.cc creates short URLs. That pattern, as research fellow Adam Hulcoop explained to me, "was chronological." So, starting from the links sent to Satter, the researchers were able to guess other links created around the same time. It's impossible to know why the hackers keep relying on services like Bitly or Tiny.cc, which end up exposing some of their operations—although months later. One explanation could be that their phishing campaigns are highly automated, given that they target thousands of people. So, as Hulcoop put it, they need a modular phishing infrastructure where every element can be modified if needed, as "an insurance policy of sorts" and they use third party services "to try and balance the need for OpSec [operational security, or the practice of keeping operations secret] with the ability to operate at scale." "The construction of the Tiny.cc shortcodes pointing to TinyURL shortcodes, which ultimately point to phishing sites on different servers. This modularity is likely by design so that the operator can change up the individual components, servers, redirectors, etc., and only abandon the pieces that are burned," he said in an online chat. "The more layers you have, the more flexible you can be." Article source
  16. Google has a new feature Google is rolling out a cool new feature that allows you to perform searches through your personal data - from Gmail or Photos - straight from the search engine interface. First spotted by Search Engine Roundtable, this new "Personal" tab shows you content from private sources, including emails and photos you've taken and uploaded to the cloud. There's nothing particularly difficult to figure out about this new tab because it works just like any other tab on Google. You first have to type whatever it is you want to look for like "flowers," and switch to the "Personal" tab, which you can find in the "More" tab at the end of the line. There, you'll find any emails you have received featuring this word, as well as any pictures stored in your Photos account containing flowers. As mentioned, this is a tab that you'll have to look for specifically if you want to look through it, as it's not included among the main ones. Incoming to you The feature seems to be rolling out slowly to users all over the world and looks like a great and interesting addition. After all, who doesn't like to be able to search through their personal data so easily and from a single interface? The feature works on both the web and the mobile versions of Google, so you can enjoy it wherever you are and whenever it happens for you to need to find something in your personal data without opening up loads of extra apps or, depending on what device you're using, tabs. To alleviate any worries people may have, the company added a notice on this new feature which states that "only you can see these results." This, of course, should make anyone concerned with seeing their private photos in a Google box relax some. Source
  17. Google takes steps to increase security Following the famous Gmail phishing attack from just a few days ago, Google has decided to make it more difficult for apps to get access to people's data. The company announced that new applications that request access to user data will, from now on, face more scrutiny. Some of these apps may even "qualify" for a manual review due to Google's enhanced risk assessment. “Until the review is complete, users will not be able to approve the data permissions, and we will display an error message instead of the permissions consent page. You can request a review during the testing phase in order to open the app to the public. We will try to process those reviews in 3-7 business days. In the future, we will enable review requests during the registration phase as well,” Google informs developers. Developers will continue to use their apps for testing purposes even before they get approved. They'll need to log in with an account registered as owner or editor of the project in the Google API Console. From there, they'll be able to add more testers and to start the review process. To add an extra layer of security, Google has updated the app identity guidelines. In them, it states that apps must not mislead users, which also indicates that they need to have unique names and not copy other apps, which is something that has happened countless times already. “These changes may add some friction and require more time before you are able to publish your web application, so we recommend that you plan your work accordingly,” Google says. Multiple changes to increase security The changes come as a result of the attack that took place a few weeks ago. Gmail users started receiving phishing emails pretending to be from someone they know who was looking to share content with them on Google Docs. A link took people to a login page where a fake Google Docs app requested permission to people's contacts and emails. The attack was stopped within an hour and the company said that less than 0.1% of Gmail users were even impacted by the incident. The company has already tighten OAuth rules, it's anti-spam systems, and more. Source
  18. Gmail Notifier Pro - the program to alert you when new mail in service Gmail. However, Gmail Notifier is more than just a tool for warning, it can be used to check the mail, as well as create new messages from the desktop interface, the choice of the type of account (Google Gmail Atom, Google Gmail IMAP, Google Calendar, subscribe to a feed and Google Reader ) and much more. You can also keep track of multiple accounts from Gmail. After installing the software, open the Options and set the account Gmail. You can use the method of both Atom and IMAP. After setting, you can see all the messages in the main window and a separate window allows you to view the contents of your email. Every time when a new e-mail message, you will receive a notification with the desktop will look pretty cool. The program supports themes that can be customized from the window Options. Set up a notifier so you more like it. When you need to create a new message, just click on the Compose New Email option in the system tray. Features: Gmail Notifier Pro provides many easy-to-use and settings. Checking multiple Gmail accounts for new mail - including Google Apps accounts. Displays pop-up notifications and plays audio message alerting the user when new mail arrives. A complete overview of all unread messages in all your inboxes. Support Atom and IMAP protocols. Allows you to create and respond to email without opening a browser. Integration with Google Contacts. Website: http://www.gmailnotifier.se Release date: 14 May 2017 OS: Windows XP / Vista / 7 / 8 /10 Language: ML Changelog: Download setup Download portable Installer + Fix: Site: https://cloud.mail.ru Sharecode: /public/5Gu2/bP9EQYCMh Installer + Fix + Portable: Note: Just copy the link and sharecode together and then press enter. You need to enter the credentials as mentioned in main post. The d/w starts immediately. Site: Sharecode: /noload2/files/061/Gmail.Notifier.rar Usrname: rsload.net Pwd: rsload.net Noy medicine - shared by Siddharta N.B. - shared by Siddharta If you're looking for ConfigDat.xml >>> open run (Windows logo + R) and type: %appdata%\GmailNotifierPro Then replace with keygen registration <RegisteredUser><Name>XXXXX YYYYYY</Name><EMail>[email protected]</EMail><RegistrationCode>4ACXXXXXXXXXXX3EC1</RegistrationCode></RegisteredUser> Note: The xxxx (yyyyy)is personal data or names My Crack Gmail Notifier Pro 5.3.5 - by bb2018: Site: https://www.upload.ee Sharecode[?]: /files/7008428/Crack-Gmail_Notifier_Pro_5.3.5_.rar.html
  19. Following the widespread phishing scam that affected Google Docs and Gmail users this week, Google says it’s now rolling out a new security feature in its Gmail application on Android that will help warn users about suspicious links. This feature may not have prevented this week’s attack, however, as that attack involved a malicious and fake “Google Docs” app that was hosted on Google’s own domain. However, the additional security protection is a step in the right direction, given how many users access Gmail on mobile, and the increasing sophistication of these phishing attacks that can even fool fairly tech-savvy individuals. In this week’s attack, for example, you would have received an email from a known contact who said they were sharing a document with you. When you clicked to open the document, you’d be taken to an innocent-looking web page hosted by Google. The page wouldn’t even prompt you for your password, but instead listed all your Google accounts ready to be clicked. You would be asked to give an app named “Google Docs” account permissions – but it wasn’t the real Google Docs. And once it had access, the worm began spreading to everyone in your contacts list. The new phishing protection in the Gmail app for Android relies on Google’s Safe Browsing technology, which can warn web users if they’re about to visit a page that’s impersonating a legitimate website, like a bank, online store, or any other site trying to trick you into sharing your username and password information. In Gmail, if you click on a suspicious link in your email message, the app will display a warning messaging that reads: It then informs you that if you choose to proceed to the site, you do so at your own risk. It doesn’t seem likely that the recent phishing attack would have been flagged by this system at the time of its occurrence, as it was a hosted app on Google’s own domain. Google said on Wednesday it had taken action against the phishing attack that had affected Gmail and Google Docs users. It disabled the offending accounts. removed the fake pages, and pushed updates through Safe Browsing and its abuse team. The company also requested users to report any suspect phishing emails in Gmail. The new mobile feature is rolling out this week to Gmail users on Android. Source
  20. The fake Google sign-in page looks exactly like this. With a little know-how, most phishing scams are pretty easy to detect. This one, on the other hand, is devilishly clever and just might dupe you if you’re not careful. The way this phish scam works is simple. Wordfence, who brought light to the scam, says the attacker creates an email address to disguise themselves as someone you know. Then they send you an email with an attachment, like a PDF or Word doc, that looks legitimate. When you click the attachment to see a preview of it, you get redirected to a Google sign-in page where you enter your credentials. Here’s the trick: those attachments aren’t attachments—they’re embedded images designed to look like attachments that link out to a fake Google sign-in page. You can see an example of how real they look in Tom Scott’s tweet below. What’s worse is everything about the fake Google sign-in page looks normal. The logo, text boxes, and tagline are all there. The only difference is in the address bar, where careful eyes will see that the page is actually a data URI with the prefix “data:text/htyml”, not a URL with the standard “https://”. But if you don’t spot it, the attackers get your information and use it to send out more of the same phish emails to your contacts. Google has since updated Chrome to 56.0.2924, which makes it easier to spot fake forms like these, but it doesn’t exactly stop this type of scam dead in its tracks. And whether you use Chrome or not, it’s important to stay vigilant and keep your eyes peeled when checking email. Article source Other source: Warning: Dangerous new Gmail phishing attack can easily steal your Google login
  21. Gmail gets a new feature Gmail users will soon be able to enjoy a new feature allowing them to watch videos right within their emails. For many years, Gmail users have enjoyed some rather great features, but they don't have it all. Google is doing its best, however, so the latest update will allow users to watch videos within Gmail, by using the same streaming infrastructure as YouTube and Google Drive. The thing is, this new feature only works if you're sending over small videos, because, as everyone knows, Gmail only permits attachments of 25MB. When it comes to video content, especially of higher quality, 25MB is easily reached even with short clips. Those larger files are automatically uploaded to Google Drive anyway, which means they can be streamed regardless if Gmail supports this feature or not. The change obviously targets smaller clips, funny videos you want to share with your friends and family of your dog chasing its tail, or your kid throwing the food bowl across the room. Now, people won't have to download the attachment anymore, and when it comes to less tech-savvy family members, that can only mean you save a lot of time you'd spend explaining how to open a downloaded file. Changes coming soon "Today, we’re rolling out a quality of life improvement to Gmail desktop users that makes previewing video attachments in Gmail much smoother and quicker. Previously, in order to view a video attachment in Gmail, you would have to download it to your computer and open it with a media player. Starting today, when opening an email with video attachments, you will see a thumbnail of the video and have the ability to stream it, right from inside Gmail," reads Google's blog post. The changes are incoming, but it might take two weeks to see them in your Inbox, depending on how Google's gradual rollout hits you. Source
  22. The ban was announced a few weeks ago, but it's finally live That's it. Say goodbye to sending JavaScript attachments via Gmail because the mailing service has turned its back to it for good. The move was announced a few weeks back and it's simply a security move since so much malware has been found hiding in JavaScript in recent years, with the situation escalating over the past few months. Now, if you try to send a JavaScript attachment using Gmail or if you want to download such an attachment from an older email, you'll get a new warning saying "Blocked for security reasons." Alternatively, you'll also find the message "1 attachment contains a virus or blocked file. Downloading this attachment is disabled." Not the only one blocked There's a long list of file types that have been blocked by Gmail over the years for security reasons, including .exe, .jar, or .pif, to name a few. "To prevent against potential viruses, Gmail doesn't allow you to attach certain types of files, including: certain file types (listed above), including their compressed form (like .gz or .bz2 files) or when found within archives (like .zip or .tgz files), documents with malicious macros, archives whose listed file content is password protected, archives whose content includes a password protected archive," reads Google's blog post about the situation. There are some workarounds Google set in place if you really, really, want to send a JavaScript attachment, namely by attaching it via Google Drive, Google Cloud Storage or any other storage solution. That's mainly because once you upload a file to a cloud service such as Google Drive, it automatically gets screened for viruses and malware, which works even if the file has been archived in a .zip or .rar, for instance. Then, when you're sending people the download link they know it's supposed to be safe because it's already been scanned and their risk levels are lower. Ref: < http://news.softpedia.com/news/sending-javascript-files-over-gmail-no-longer-possible-513108.shtml >
  23. Gmail users can expect the introduction of SMTP Strict Transport Security to the email service some time this year, bringing a measure of security similar to certificate pinning to one of the world’s biggest webmail services. Elie Bursztein, the head of Google’s anti-abuse research team, said at RSA Conference that SMTP STS will be a major impediment to man-in-the-middle attacks that rely on rogue certificates that are likely forged, stolen or otherwise untrusted. Google, Microsoft, Yahoo and Comcast are expected to adopt the standard this year, a draft of which was submitted to the IETF in March 2016. Certificate pinning, or public key pinning, relies on a list of trusted public key hashes assigned to a particular connection and rejecting any other. For now, connections only verify that a TLS certificate is present. Bursztein’s announcement came during a talk on Thursday during which he illustrated how different threats to corporate and personal Gmail accounts such as spam, phishing, malware, impersonation and interception attacks vary by industry and geography. He also shared how new defense mechanisms implemented in the past 24 months have made Gmail sturdier. “We are stopping hundreds of billions of attacks every week,” Burszstein said. “Every minute, we have to stop more than 10 million attacks with 99.9 percent precision. The way we are doing this is reacting quickly to emerging threats.” Burszstein told a strong story with regard to Gmail’s security against impersonation attacks, noting that 80 percent of inbound messages from other providers to Gmail are now encrypted, while 87 percent of outbound messages from Gmail to other providers are encrypted. These numbers are up from 65 percent and 50 percent respectively as of June 2014. Burszstein said that a decision to add visual cues to users that certain Gmail messages may be untrusted helped spike adoption of encryption. One such measure was a UI change to display a broken lock in the inbox indicating that the email about to be sent is being sent in the clear. “This tells you the email you are about to send is not encrypted and could be intercepted in transit,” he said. “This helps the user make a better choice by highlighting this to the user.” After implementing the lock, he said Google recorded a huge bump in inbound encrypted traffic it was receiving. “Increasing encryption visibility helped speed up adoption,” Burszstein said. On the spam front, Burszstein said Google relies on deep learning to extract more meaning out of data for high precision and learning. He said Gmail took a page from Google’s photo tagging capabilities which use deep learning to understand the context of an image and automate tagging of other photos. “It’s very good at finding spam too,” he said, citing Gmail’s 99.9 percent accuracy rate detecting spam, 3.5 percent of which he attributes to deep learning. Burszstein also advocated for organizations to commit to enhancing DMARC, DKIM and SPF rollouts, each of which have very different roles in securing emails from assuring messages are signed with a public key, to allowing companies to specify which servers it will trust, to what to do with unsigned messages, whether to toss them into a spam folder or reject them outright. He also pointed to visual cues on the authentication front such as Gmail’s assigning of icons to trusted users while throwing up a red question mark for unauthenticated senders. This too was a driver in increasing adoption of all three protections, reducing the number of unauthenticated messages in 2014 (5.8 percent) to last year (1.8 percent). Burszstein shared some data on the effectiveness of training in combatting phishing threats and how Google’s visibility into malicious traffic via email can spot trends, for example, as to how certain ransomware families spread differently (Office documents, macros, or JavaScript droppers) according to detection rates and submissions to VirusTotal. By Michael Mimoso https://threatpost.com/smtp-strict-transport-security-coming-soon-to-gmail-other-webmail-providers/123789/
  24. Some Gmail users may soon find themselves at a higher risk for security problems and without access to updates and new features. Google recently announced via a blog post that Gmail will no longer support Chrome Browser version 53 and earlier. Beginning on February 8, 2017, a banner will appear at the top of the page in Gmail for users who access it from Chrome version 53 or earlier encouraging them to upgrade their browser, the post said. At the time of this writing, Chrome is on version 55, which contains several key security features, the post noted. It's important to note that Gmail is only ending support for these Chrome versions. So, users on Chrome 53 will still be able to access Gmail, and it will function properly, but it will be more vulnerable to security risks and users will not have access to updates or bug fixes, the post said. Gmail will function properly on these Chrome versions until the end of the year. However, the post noted, some users who don't update their browser may be "redirected to the basic HTML version of Gmail as early as Dec. 2017." Users on the Windows XP and Windows Vista operating systems are those who are most likely to be affected by the news, as Chrome version 49 was the last version that included support for those particular Windows systems. The post encouraged users who may be using these operating systems to switch to "more secure and supported systems." In the enterprise, administrators are encouraged to update users to the latest version of Chrome. However, if you rely on legacy apps or operating systems that require an older version of Chrome, that might not be an immediate possibility. Google isn't known for announcing discontinued support for Chrome versions, the post said, as the company's policy is to only support the current version of Chrome. The post said that Google intentionally called this out to minimize the impact on specific Windows XP and Windows Vista users. Google has also taken other steps to secure Gmail recently, including new warnings against potential phishing campaigns and more. Source
  25. Google announced that it implemented S/MIME (Secure/Multipurpose Internet Mail Extensions) encryption, with a twist, for its enterprise customers. That twist is that its implementation of S/MIME, which is typically an end-to-end encryption protocol, is centralized or “hosted” by Google. In other words, Google can see what’s in all of those S/MIME-protected emails. S/MIME Protocol The S/MIME protocol was first invented in 1995. A few years later, it also became an IETF standard (after a few more modifications to the original protocol). S/MIME aimed to be an end-to-end encrypted protocol that would replace the non-encrypted SMTP email protocol. It was also meant to be a little easier to use than PGP (Pretty Good Privacy), another end-to-end encryption protocol that was invented a few years before S/MIME. With PGP, users have to share their public keys with each other prior to using end-to-end encryption, but with S/MIME, this key distribution is handled by a Certificate Authority that gives each user a certificate. Importing the certificate in the email client and signing email messages with it is what proves that the senders are who they say they are. Google’s Hosted S/MIME Google said that instead of supporting the standard client-side S/MIME protocol that allows users to encrypt emails end-to-end (meaning only the sender and receiver can read the emails), it will host all of the users’ certificates and private keys on its own servers. This will allow the company to essentially read (with its computers) all communications that are protected by S/MIME. From this point of view, it’s no different than the way Gmail emails are encrypted today with TLS. Google said that this will make it more convenient to enterprise customers to use S/MIME encryption, although without the benefit of end-to-end encryption. The company said that doing things this way allows it continue to stop phishing attempts and block spam email. The fact that email companies wouldn’t be able to stop spam has long been a criticism of end-to-end encryption. However, WhatsApp seems to have managed quite well by employing techniques that don’t even require them to see people’s messages to block spam. The techniques seem to involve a combination of verifying the identity of the sender and by tracking their behavior. For instance, if one user sends messages to 100,000 people, chances are that user is spamming. WhatsApp’s anti-spam solution is likely a little more advanced than in that example, but the point is stopping spam when end-to-end encryption is used is not as impossible as previously thought. It’s Not All Bad Although Google is essentially downgrading the security of the S/MIME protocol, the move still seems to be an upgrade over the existing, mainly hacked-together email encryption and authentication solutions. The email protocol was never designed to be encrypted, so even today’s best improvements made to it can’t guarantee the security of the message in transit. This is especially true if the recipients use email services that don’t support the same encryption and authentication protocols that Gmail supports. With S/MIME, the messages are encrypted with symmetric encryption as well, so it doesn’t matter what sort of hops it passes until the destination, as the messages will be unreadable to anyone intercepting them. They are also automatically signed by the senders, which will guarantee that the senders are who they say they are. Of course, digital certificates are still vulnerable to certificate authorities going rogue or to being stolen from Google’s servers. The latter is something that may be quite difficult to achieve these days, but likely not impossible. Is Google Giving Up On End-To-End Encryption? Back in 2014, and soon after Edward Snowden made public the extent of the NSA’s mass surveillance, Google started working on an end-to-end encryption tool called, appropriately, “End-to-End.” The company seemed furious that the NSA broke into its network and monitoring every packet going through its unencrypted internal network. From that point forward, it started aggressively adopting encryption everywhere it could add it, whether it was for internal or external communications, or for securing data at rest. One of those measures also involved starting End-to-End. This was a browser extension that would work with multiple email providers (Yahoo joined as well, but it later dropped it around the time it allegedly gave NSA access to its networks), and it would provide PGP end-to-end encryption to users that wanted it. The project doesn’t seem to have been touched for almost a year (at least in its public code repository). After we contacted Google to ask about this a few months ago, the company declined to give a clear answer on whether it’s still working on this specific project. Google did launch Allo with end-to-end encryption provided by the Signal protocol, but it’s not enabled by default like it is for the Signal app itself, or WhatsApp. There is also no easy way to make end-to-end encryption the default, if you’re not interested in using Allo’s AI assistant. “Incognito” chats have to be started manually with each contact. Unlike Signal and WhatsApp, Allo also doesn’t provide safety numbers that guarantee there’s no man-in-the-middle attack. Avoiding Public Email Exposure If companies want to avoid the type of hacks that hit Sony, the Democratic National Committee, and other organizations that exposed everyone’s emails, then end-to-end encryption is still the way to go. This may include the client-sided (non-hosted) S/MIME protocol or PGP, or even using a service such as ProtonMail. For other companies that don’t worry as much about Google being hacked (again) and just want an easy to use, well known, and well supported encrypted email service, Gmail’s new hosted S/MIME protocol may still be an acceptable compromise and an upgrade over their existing email encryption hygiene. Bu Lucian Armasu http://www.tomshardware.com/news/google-hosted-smime-gmail-encryption,33582.html
  • Create New...