Google Beefs Up Gmail Security
The folks at Google are beefing up the security for Gmail again, rolling out warnings to users if messages are unauthenticated or contain malicious links.
Whether on the web or via Android, if users receive a message that can’t be authenticated with either the Sender Policy Framework (SPF) or DKIM, they’ll see a question mark in place of the sender’s profile photo, corporate logo or avatar.
And on the web, if a user receives a message with a link to a dangerous site known for phishing, malware or potentially unwanted software, Gmail will pop up a warning if the user clicks on it.
“These warnings are an extension of the Safe Browsing protection available to various web browsers today,” the company explained, in a blog post. “Not all affected email will necessarily be dangerous. But we encourage you to be extra careful about replying to, or clicking on links in messages that you’re not sure about. And with these updates, you’ll have the tools to make these kinds of decisions.”
Google is gradually rolling out the update over the next couple of weeks, with the target of including all users in the scheme.
This is the latest improvement to protect users against malware, phishing, ransomware encryption and unwanted or deceptive software with revamped warnings. And, it recently updated its Safe Browsing alerts to include warnings about deceptive embedded content and messages for administrators about unwanted and malicious software.
Google has also embraced DMARC, announcing that it will be moving Gmail to a strict DMARC policy this year. The idea is to thwart cyber-criminals who hack into user accounts and then scrape the address books; they then use a different server to spoof messages from the hacked user to his or her own contacts. They do this for spam and fraud purposes, for phishing and to spread malware.
A DMARC policy combats this by allowing a sender to indicate that its emails are protected, and tells a receiver what to do if neither of those authentication methods passes—such as junk or reject the message.
Photo © Alexey Boldin/Shutterstock.com
Source: Information Security Magazine