Google’s efforts to keep users safe might be forcing other email providers to make better security decisions. In February, the company started flagging unencrypted emails, allowing Gmail users to know whether they're sending emails to, or receiving emails from, providers that don't support TLS encryption. Since then, the amount of inbound mail sent over an encrypted connection to Gmail users has increased by 25 percent, Google explained in a blog post released today.
The majority of the uptick likely comes from providers updating their clients so they can avoid getting flagged by Google, the company said in a comment to The Verge. Without in-transit encryption, which Google provides by default, emails could potentially be read by attackers because their body and data are sent in plain text. Prior to Gmail's encryption warning, users had no way of knowing whether the mail they received was secure. But now, other providers are basically being publicly shamed for lagging security practices. A small part of the 25 percent increase could also come from people switching over to email providers that already encrypt, Google said to The Verge.
In addition to its encryption push, the company’s also amplifying its other security efforts. It’s going to start showing Gmail users a full-page warning if they click on a potentially malicious link, and that warning will span browsers and email apps. The company’s also going to increase its warnings about state-sponsored attackers with a full-page alert about how to secure accounts through two-factor authentication and the use of a security key.
3/24, 12:26 PM ET: Updated to further clarify and quantify Google's comment.