Security
At one time Gmail used an unencrypted connection to retrieve user data, encrypting only the connection used for the login page. However, by replacing the URL http://mail.google.com/mail/ with https://mail.google.com/mail/, users were able to force Gmail to use a secure connection, reducing the risk of third-party eavesdropping on users' information, such as emails and contacts, which are transmitted in plaintext as JavaScript data in the page source code. Starting in July 2008, it was possible to configure Gmail for HTTPS access only through the Settings option - this prevented any insecure access via HTTP. POP3 and IMAP access uses Transport Layer Security, or TLS. At present Gmail now defaults to a secure HTTPS connection.
Although email clients such as Mozilla Thunderbird use TLS when sending email, it is not used when the email is sent from the Gmail servers to the destination domain's mail exchangers, unless supported, so at some stage the user's email message may still be transmitted in unencrypted plain text.
Gmail offers spam filtering: the system automatically deletes messages marked as spam after 30 days. Users can disable the spam-filtering system by creating a rule to make all messages skip the spam filter. POP3 users can only check the Spam folder manually via the web interface, as only emails sent to the Inbox can be retrieved via POP3. This is a technical limitation of POP3. Currently about 75% of email sent to Gmail accounts is filtered as spam.
IP addresses of webmail Gmail users are disguised in order to protect security.
Gmail automatically scans all incoming and outgoing e-mails for viruses in e-mail attachments. If a virus is found on an attachment the reader is trying to open, Gmail will try to remove the virus and open the cleaned attachment. Gmail also scans all outgoing attachments and will prevent the message from being sent if a virus is found. Gmail also does not allow users to send or receive executable files or archives containing executable files.
Gmail became one of the first major e-mail providers to sign outgoing mails with Yahoo!'s DomainKeys signatures.
In the past, Gmail has had severe trouble with security which allowed a full account compromise via Cross-site scripting vulnerabilities affecting the google.com homepage or information disclosure through a file which was stored on Google's server and included all the Email contacts of the currently logged in user. The vulnerability was quickly patched after the initial disclosure on the Internet.
Read more about this topic: Gmail Interface
Famous quotes containing the word security:
“Happiness is peace after strife, the overcoming of difficulties, the feeling of security and well-being. The only really happy folk are married women and single men.”
—H.L. (Henry Lewis)
“Is a Bill of Rights a security for [religious liberty]? If there were but one sect in America, a Bill of Rights would be a small protection for liberty.... Freedom derives from a multiplicity of sects, which pervade America, and which is the best and only security for religious liberty in any society. For where there is such a variety of sects, there cannot be a majority of any one sect to oppress and persecute the rest.”
—James Madison (1751–1836)
“Modern children were considerably less innocent than parents and the larger society supposed, and postmodern children are less competent than their parents and the society as a whole would like to believe. . . . The perception of childhood competence has shifted much of the responsibility for child protection and security from parents and society to children themselves.”
—David Elkind (20th century)