Email warnings designed to be more user friendly
Google is preparing to introduce new safety features to the company’s popular Gmail email messaging app before the end of August. The features are designed to help end users, particularly those with a minimal understanding of online security protocols, identify and avoid suspicious emails.
Once in place, the features will display a question mark over a sender’s profile picture if that sender cannot be authenticated using the Sender Policy Framework (SPF) or DomainKeys Identified Mail (DKIM). The features will apply to both browser-based users of Gmail and Android users.
Warnings will also appear if an email contains potentially dangerous or duplicitous links. Users will be warned that “Visiting this web site may harm your computer.” They will then have the option to explore the reasons for the suspicion in detail and learn about online security best practices. Senders whose emails have been unnecessarily flagged have the right to appeal the warning.
This is not Google’s first attempt to provide warnings to users, but the newest strategy has been informed by a growing body of research into how end users read and comprehend warning information. Overall, the warnings have become shorter, more direct, and less technical. Instead of attempting to explain the nature of the threat, these new warnings simply emphasize the presence of a threat in clear language.
Google made two previous updates to security protocols this year. Those updates were targeted at deceptive embedded content and designed specifically for the needs of network administrators. This is the company’s first recent attempt to improve email security for end users.
The change comes in the wake of a recently released report highlighting the prevalence of unwanted software distribution through email channels. The report focuses on four pay-per-install networks, the particular types of software that they distribute, and the impact that software has on end users.
In this particular scheme, developers pay distributor networks between $0.10 and $1.50 per download to manipulate users into installing unwanted software on their computers. Most of this software unexpectedly injects ads into user experiences, changes browser settings without authorization, or offers “cleanup” services. The developers then recoup the distribution cost by monetizing users who have not given consent, or by locking them into outrageous ongoing subscription fees. Data from Google suggests that these distributor networks drive over 60 million download attempts per week, a rate that is three times higher than rates of malware distribution.
This unwanted software is not technically classified as malware because it does not corrupt performance, but it does have a significant impact on users. The new safety measures set to roll out put at least one level of protection between the user and the download.
As of February 2016, Gmail had over 1 billion monthly active users worldwide.