Google increase awareness of email TLS encryption
Gmail users will now be able to see if a remote SMTP server has TLS encryption enabled.
For the Safer Internet Day, Google announced that Gmail will now notify users if they send or receive an email from a recipient that has SMTP email server without support of TLS encryption:
However, Gmail will only tell you if a remote SMTP server supports the TLS encryption, and it won’t notify you if the recipient is using non-encrypted protocol (e.g. POP3 or IMAP) to download emails, neither if the recipient has enabled SMTP encryption on his, or her, email client:
Taking into consideration that majority of email activities now take place from mobile devices that quite often use insecure public wireless connections, it’s very important to make sure that you use encryption both to send and receive emails.
Nevertheless, Google’s attempt to increase users’ awareness about the importance of encryption is definitely great news. By the way, PCI DSS standard requires all companies to migrate to TLS 1.1 before June 2018.
To support the initiative, High-Tech Bridge offers a free online service to test your email server SSL/TLS encryption. You can test any service on any port using any protocol that supports TLS encryption, such as SMTPS, IMAPS, POP3S and others, and see if your TLS encryption is compliant with PCI DSS requirements and NIST guidelines. Large companies can also use the free API to test all their email systems at once.