Gmail showing authentication info

Yesterday Gmail announced on their blog they would be pushing out some new UI to users to show the authentication and encryption status of email. They are trying to make email safer.
There are a number of blog posts on WttW for background and more information.

The short version is that TLS is encryption of the email between the sending server and the receiving server.  It means mail can’t be intercepted or changed while between one server and another.
Gmail is now showing users whether a mail was sent using TLS.
If a message is sent without using TLS, there is an open red lock shown.
Open red lock = unencrypted
If you hover over the open red lock, Gmail tells you the “message was not encrypted”
Hover showing "message not encrypted"
Using TLS removes the open red lock.
Mail sent over TLS
These messages went to spam because, well, do you know how hard it is to find a mail server that’s not authenticated? I ended up sending using SWAKS from one of our VMs so I could control a whole bunch of things, including whether or not mail used TLS. Interestingly enough, Gmail was happy to accept the mail over IPv6 but temp failed anything I sent over IPv4.
Gmail is, apparently, also notifying if mail being sent is going to a recipient on a server not using TLS. I don’t have an easy way to test that.

Related Posts

Filter complexity

URLBlockingForBlogDuring the Q&A last week, I mentioned an example of a type of filter trying to demonstrate how complex the filters are. There was some confusion about what I was saying, so I thought I’d write a blog post explaining this.

Read More

Clickthrough forensics

When you click on a link in your mail, where does it go? Are you sure?
HTTP Redirects
In most bulk mail sent the links in the mail aren’t the same as the page the recipients browser ends up at when they click on it. Instead, the link in the mail goes to a “click tracker” run by the ESP that records that that recipient clicked on this link in this email, then redirects the recipients web browser to the link the mail’s author wanted. That’s how you get the reports on how many unique users clicked through on a campaign.
In the pay-per-click business that’s often still not the final destination, and the users browser may get redirected through several brokers before ending up at the final destination. I walked through some of this a few years ago, including how to follow link redirection by hand.
HTTP Forensics
Evil spammers sometimes deploy countermeasures against that approach, though – having links that will only work once or twice, or redirects that must be followed within a certain time, or javascript within an intermediate page or any of a bunch of other evasions. For those you need something that behaves more like a web browser.
For serious forensics I might use something like wireshark to passively record all the traffic while I interact with a link from inside a sandboxed browser. That’s not terribly user-friendly to use or set up, though, and usually overkill. It’s simpler and usually good enough to use a proxy to record the web traffic from the browser. There are all sorts of web proxies, used for many different things. What they have in common is that you configure a web browser to talk to a proxy and it’ll send all requests to the proxy instead of to the actual website, allowing the proxy to make any changes it wants as it forwards the requests on and the results back.
For investigating what a browser is doing the most useful proxies are those aimed at either web developers debugging web apps or crackers penetration testers compromising web apps. Some examples are Fiddler (Windows), Cellist (OS X, commercial), mitmdump (OS X, linux, Windows with a little work), Charles (anything, commercial) or ZAP (anything).
I’m going to use mitmdump and Firefox. You don’t want to use your main browser for this, as the proxy will record everything you do in that browser while you have it configured – and I want to keep writing this post in Safari as I work.

Read More

Gmail having issues

As of 7/22/15, 1:17 PM, Google reports the issue is resolved.
 
Over on the mailop list multiple people are reporting delivery problems to Gmail.
The Google status page confirms this:

Read More