SSL/TLS encryption is also used to secure emails in transit so that they cannot be intercepted and read by a third party (other than the email provider). Although most email providers now support SSL/TLS, not all do, which is a terrible security risk, as bank details, account passwords, and other intimate information is often sent via email.
To mark Safer Internet Day on 9 February, Google announced that it will now warn users when they receive a message from, or are about to send a message to, someone using an email service that does not support TLS encryption.
“Gmail has always supported encryption in transit using TLS, and will automatically encrypt your incoming and outgoing emails if it can. We support industry-standard authentication to help combat email impersonation. And there are tons of other security measures running behind the scenes to keep your email safe.
Of course, it takes at least two people to send and receive an email, so it’s really important that other services take similar measures to protect your messages—not just Gmail. Unfortunately, not all email services do.”
If you see the broken padlock icon it should be safe to communicate with the other party, but it is not safe to send sensitive information over such an insecure connection. Do remember, however, that even when secured using TLS, messages can still be read by both the sender and receiver’s email provider (and in Gmail’s case, Google scans all emails in order to deliver targeted advertising).
Google will also attempt to authenticate any email you receive in order to verify that it comes from the sender it claims to come from. If there is doubt, you will see a question mark in place of the sender’s photo, in which case you should exercise extreme caution when replying.