Gmail Interface - Security

Security

At one time Gmail used an unencrypted connection to retrieve user data, encrypting only the connection used for the login page. However, by replacing the URL http://mail.google.com/mail/ with https://mail.google.com/mail/, users were able to force Gmail to use a secure connection, reducing the risk of third-party eavesdropping on users' information, such as emails and contacts, which are transmitted in plaintext as JavaScript data in the page source code. Starting in July 2008, it was possible to configure Gmail for HTTPS-only access through the Settings option, which prevented any insecure access via HTTP. POP3 and IMAP access uses Transport Layer Security, or TLS. Gmail now defaults to a secure HTTPS connection.

Although email clients such as Mozilla Thunderbird use TLS when sending email, TLS is used for the hop from the Gmail servers to the destination domain's mail exchangers only if those servers support it, so at some stage the user's email message may still be transmitted in unencrypted plain text.
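The per-hop behaviour described above can be checked from the receiving side by reading a message's Received headers, where each relay records the protocol it accepted the mail with (the RFC 3848 "with" keywords). The following is an added example, not part of the original page; the sample message, host names and addresses are constructed placeholders.

```python
import re
from email import message_from_string

# "with" keywords (RFC 3848 / RFC 6531) that mean the hop was protected by TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}
WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9]+)", re.IGNORECASE)
BY_RE = re.compile(r"\bby\s+([^\s;()]+)", re.IGNORECASE)

# Constructed sample: TLS on submission, no TLS on the server-to-server hop.
SAMPLE = """\
Received: from mx-out.example.com (mx-out.example.com [192.0.2.10])
\tby mx.destination.example with ESMTP id c3;
\tMon, 01 Jan 2024 10:00:03 +0000
Received: from client.example.org (client.example.org [198.51.100.7])
\tby mx-out.example.com with ESMTPSA id b2;
\tMon, 01 Jan 2024 10:00:01 +0000
From: alice@example.com
To: bob@destination.example
Subject: test

body
"""

def hop_report(raw_message):
    """Return [(receiving_host, protocol, used_tls)] in the order the mail travelled."""
    msg = message_from_string(raw_message)
    hops = []
    # Each relay prepends its own header, so reverse for chronological order.
    for header in reversed(msg.get_all("Received", [])):
        text = " ".join(header.split())  # unfold continuation lines
        by = BY_RE.search(text)
        proto = WITH_RE.search(text)
        name = proto.group(1).upper() if proto else "UNKNOWN"
        hops.append((by.group(1) if by else "unknown", name, name in TLS_PROTOCOLS))
    return hops

def plaintext_hops(raw_message):
    """Hops where the receiving server did not record a TLS-protected transfer."""
    return [hop for hop in hop_report(raw_message) if not hop[2]]

if __name__ == "__main__":
    for host, proto, tls in hop_report(SAMPLE):
        print(f"{host:28} {proto:8} {'TLS' if tls else 'no TLS recorded'}")
```

Received headers are written by each relay and can only be trusted for hops handled by servers you control; headers added earlier in the path may be inaccurate.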

Gmail offers spam filtering: the system automatically deletes messages marked as spam after 30 days. Users can disable the spam-filtering system by creating a rule to make all messages skip the spam filter. POP3 users can only check the Spam folder manually via the web interface, as only emails sent to the Inbox can be retrieved via POP3. This is a technical limitation of POP3. Currently about 75% of email sent to Gmail accounts is filtered as spam.

The IP addresses of Gmail webmail users are disguised in order to protect security.

Gmail automatically scans all incoming and outgoing e-mails for viruses in e-mail attachments. If a virus is found in an attachment the reader is trying to open, Gmail will try to remove the virus and open the cleaned attachment. Gmail also scans all outgoing attachments and will prevent the message from being sent if a virus is found. Gmail also does not allow users to send or receive executable files or archives containing executable files.

Gmail became one of the first major e-mail providers to sign outgoing mails with Yahoo!'s DomainKeys signatures.

In the past, Gmail has had severe security problems: cross-site scripting vulnerabilities affecting the google.com homepage allowed a full account compromise, and a file stored on Google's server that included all the email contacts of the currently logged-in user allowed information disclosure. The vulnerability was quickly patched after the initial disclosure on the Internet.
