There’s Actually Some Good News About Email Security for Once

This actually … looks promising. Weird!

Graphic from Google

When it comes to email security, there’s always something to be concerned about, whether it’s the Sony Pictures breach, Russian hackers infiltrating White House communications, the Hillary Clinton email scandal, or the data dump from CIA Director John Brennan’s private AOL address. The situation is nonstop. But! On Thursday, Google published new research on its security blog indicating that minimum security precautions may actually be improving among email providers.

Google worked with researchers at the University of Michigan and the University of Illinois to evaluate data from Gmail both in terms of what it could reveal about the email industry in general and the current security status of Gmail itself. The good news is that more email providers are offering email encryption across the board, and the vast majority are using some type of authentication to reduce phishing and impersonation. The researchers compared data from December 2013 and October 2015, and in less than two years they saw significant improvements.

Of course, if these measures had already been in place in 2013, some major individual, corporate, and government hacks could probably have been avoided, but here we are. The researchers also explored some emerging security threats. They noted types of attacks that tamper with the initial encryption of emails and also talked about situations where bad actors spoof directories and routing information so emails can be altered before they ultimately get delivered.

The researchers wrote, “Our measurements show that the use of these secure mail technologies has surged over the past year. However, much of this growth can be attributed to a handful of large providers, and many smaller organizations continue to lag in both deployment and proper configuration.”

As a result, users often get better protection when they are emailing other users of the same service, like Gmail to Gmail, as opposed to contacting someone using an unfamiliar provider. Though strong security is obviously crucial, this disparity could eventually have implications for consumers’ diversity of choice in the email industry, pushing everyone to put their trust in only a few large services. In the meantime, at least Gmail has shown a strong commitment to security.