Gmail Prefers Their Email Encrypted

lockgmail.jpg

Gmail has started labeling mail that is sent without encryption with a broken lock icon lock.png.

 

 

Email encryption in transit (TLS)

Gmail supports encryption in transit using Transport Layer Security (TLS), and will automatically encrypt your incoming and outgoing emails if it can. Some other email services don't support TLS, and therefore messages exchanged with these services will not be TLS encrypted.

In Gmail on your computer, you can check that a message you’ve received was sent over TLS by clicking the small down arrow at the top-left of the email and reading the message details.

If you see a red open padlock iconlock.pngon a message you’ve received, or on one you're about to send, it means that the message may not be encrypted.

https://support.google.com/mail/answer/6330403?p=tls&hl=en&rd=1

 

It is understood that Google is likely giving some preferential deliverability scoring to emails sent through encryption.

 

Good News.  Marketo implemented Opportunistic TLS in the middle of 2015 so we are ahead of the ball!

 

 

Example of mail sent without encryption

2016-04-20_1640.png    

 

Example of mail sent with encryption

2016-04-20_1625.png


Is this article helpful ?

YesNo


2858
3
3 Comments
Josh_Hill9
Level 2

This article doesn't tell us how to do this in Marketo. Please advise.

SanfordWhiteman
Level 10 - Community Moderator

It works automatically. Marketo's servers attempt to use TLS if it's supported by the remote mailserver, and otherwise fall back to regular unencrypted connections.

"Opportunistic" is a pretty grandiose buzzword. "TLS when available" is a clearer way to put it, as opposed to "TLS only." You can find the same option for other optionally-encrypted protocols.  For example, some old VPN clients could be set to either "Try encryption first, fall back if not supported" vs. the harder-core "Disconnect if no encryption."

P.S. The HTTP equivalent of Opportunistic TLS does technically exist, but it has almost zero support in-the-wild.  As a result, you can't "try HTTPS first, then fall back to HTTP." Instead you have to either force TLS (breaking the connection if https:// doesn't work) or go to the insecure site first and see if you get redirected to the secure site (which breaks the presumed security of HTTPS far more than people realize).

Kiersti_Esparz1
Level 7

As Sanford Whiteman indicated - Marketo has implemented Opportunistic TLS for all customers by default.  No action necessary by you or your teams.