Why is encryption in transit important?
If my email is encrypted in transit, does it mean that no one can ever snoop on my email?
What do you mean by encryption of email in transit?
When an email is encrypted in transit, that means it’s protected against being read by someone with access to the networks through which the email is traveling on its way from the sender to the destination. You can think of it as a temporary envelope of security that is wrapped around your email to keep it private while it is being transmitted to its intended recipient. Transport Layer Security (TLS) is the standard means of performing encryption in transit for email; between mail servers it is negotiated inside the SMTP connection with the STARTTLS command.
What TLS doesn’t do is encrypt data at rest—that is to say, it does not encrypt email while it is stored on a server. There are ways to do this, such as using PGP (see below).
Is TLS the be-all, end-all solution for protecting my email while it’s in transit?
Is email from Google users to other Google users encrypted in transit?
How does encryption in transit relate to HTTPS access to Gmail?
Since 2010, HTTPS has been the default when you’re signed into Gmail. This means that while your email travels between Google’s data centers and the computer you use to read your email, it’s encrypted and secure. This report is about something different: whether or not your email is protected by TLS when it travels outside Google’s data centers to the external mail server of the person you’re emailing.
We’ve turned on HTTPS for Gmail on our own, but when email is sent between different mail providers, both providers need to support TLS in order for the email to be encrypted in transit.
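A recipient can answer the hop-by-hop question above from a delivered message. Each server that accepts a message prepends a Received header, and the RFC 3848 protocol keyword in that header (ESMTPS or ESMTPSA rather than ESMTP or SMTP) records whether that hop ran over TLS; many servers also add a version= clause. The following Python script is an added example written for this page, not code from the report or from Google; the header block, host names and addresses in it are constructed for illustration.

```python
import re

# Constructed sample header block (hypothetical hosts under the reserved
# .example domains; not from any real message). Received headers are listed
# newest-first because each server prepends its own line on receipt.
SAMPLE_HEADERS = """\
Received: from smtp-out.sender.example (smtp-out.sender.example [203.0.113.25])
        by mx1.receiver.example with ESMTPS id 4f2c9d1e
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 3 Jun 2024 10:15:02 +0000 (UTC)
Received: from workstation.sender.example (workstation.sender.example [192.0.2.44])
        by smtp-out.sender.example with ESMTP id 7a1b3c5d;
        Mon, 3 Jun 2024 10:14:58 +0000 (UTC)
From: alice@sender.example
To: bob@receiver.example
Subject: test
"""

# RFC 3848 "with" protocol keywords: ESMTPS / ESMTPSA (and the UTF8SMTPS
# variants) mean the hop ran over TLS; SMTP / ESMTP / ESMTPA mean it did not.
WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9]+)")
FROM_RE = re.compile(r"\bfrom\s+(\S+)")
BY_RE = re.compile(r"\bby\s+(\S+)")
VERSION_RE = re.compile(r"\bversion=([A-Za-z0-9_.]+)")


def unfold(raw):
    """Join folded header continuation lines (line break followed by whitespace)."""
    return re.sub(r"\r?\n[ \t]+", " ", raw)


def received_values(raw):
    """Return the value of every Received header, in the order they appear."""
    return [line.split(":", 1)[1].strip()
            for line in unfold(raw).splitlines()
            if line.lower().startswith("received:")]


def _first(regex, text):
    m = regex.search(text)
    return m.group(1) if m else None


def parse_hop(value):
    """Describe one Received header: who handed off to whom, and whether TLS was used."""
    keyword = (_first(WITH_RE, value) or "").upper()
    # Strip a trailing A (authenticated) and test for the S (secure) suffix.
    tls = "SMTP" in keyword and keyword.rstrip("A").endswith("S")
    return {
        "from": _first(FROM_RE, value),
        "by": _first(BY_RE, value),
        "with": keyword or None,
        "tls": tls,
        "tls_version": _first(VERSION_RE, value) if tls else None,
    }


def analyze_hops(raw):
    """Hops oldest-first, i.e. in the order the message actually travelled."""
    return [parse_hop(v) for v in reversed(received_values(raw))]


def all_hops_encrypted(raw):
    """True only if every recorded hop was TLS-protected.

    Caveat: each Received line is written by the server that accepted the
    message, so only lines added by servers you trust are reliable; a sender
    can forge lines that appear below them.
    """
    hops = analyze_hops(raw)
    return bool(hops) and all(h["tls"] for h in hops)


if __name__ == "__main__":
    for i, hop in enumerate(analyze_hops(SAMPLE_HEADERS), 1):
        status = f"TLS ({hop['tls_version']})" if hop["tls"] else "plaintext"
        print(f"hop {i}: {hop['from']} -> {hop['by']} with {hop['with']}: {status}")
    print("all hops encrypted:", all_hops_encrypted(SAMPLE_HEADERS))
```

In the constructed sample the provider-to-provider hop (smtp-out.sender.example to mx1.receiver.example) used TLS 1.3, but the first hop inside the sender's own network did not, so the message was not encrypted end to end across every hop. A Received line only describes the connection the writing server itself accepted; it says nothing about what the previous servers did, and a Received line below the ones added by servers you trust could have been forged by the sender.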
How does encryption in transit relate to other forms of email encryption, like PGP?
PGP encrypts the content of your email in such a way that, if you do everything perfectly, nobody but you and the intended recipient will ever be able to see it. When a Gmail user receives a PGP-encrypted email, for example, Gmail is unable to index the content of the email for later searching, because Gmail cannot see the content. This tradeoff of convenience for additional security is especially appropriate for people who are at risk, and adds an additional layer of security not provided by encryption in transit.
But encryption in transit adds a significant privacy benefit to PGP. PGP encrypts only the content of your email, not its headers (e.g. who is sending and receiving the email), and in its usual PGP/MIME form it leaves the Subject line in the clear as well. An eavesdropper who “overhears” the delivery of a PGP-encrypted email will be able to see what address the message was delivered to, but not the content of the message. When a PGP-encrypted message is also encrypted by TLS while in transit, the SMTP envelope and the headers travel inside the TLS session, so the sender and receiver of the message are not visible to a network eavesdropper. They remain visible to the mail servers at each end of the TLS connection and to any relay in between: TLS hides who is talking to whom from the network, not from the providers handling the message.
Why isn’t all email sent to or from Gmail encrypted in transit?
For decades, the default has been for email to travel across the Internet unencrypted—as if it were written on a postcard. Gmail is capable of encrypting the email it sends and receives, but only when the other email provider supports TLS encryption.
In other words, encrypting 100% of all email on the Internet requires the cooperation of all online mail providers.
What is being counted in this report?
What does “From X via Y” mean?
“From: gmail.com via google.com” means all messages with an envelope sender ending in @gmail.com or a subdomain of it, sent from a host in the domain google.com or a subdomain of it. When the “via” domain is the same as the sender domain, it is elided, so “From: gmail.com” covers messages from @gmail.com senders sent by hosts in gmail.com.
An ellipsis, as in “google.{...}”, means that several domains, such as google.com and google.co.uk, have been counted together. We try to do this only when we believe that like-named hosts process mail in the same way, which is not always the case.
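The counting rule above, implemented as an added example (Python written for this page, not the report’s own counting code). The tracked-domain list, the grouping table and the sample messages are assumptions for illustration; the page itself names only gmail.com, google.com and google.co.uk. The subdomain test compares whole labels, because a plain string-suffix check would let a constructed look-alike such as notgmail.com be counted under gmail.com.

```python
from collections import Counter

# Constructed sample: (envelope sender, sending host) pairs. Hypothetical
# addresses and hosts, not data from the report.
SAMPLE_MESSAGES = [
    ("alice@gmail.com", "mail-ab.google.com"),
    ("bob@sub.gmail.com", "mx.google.co.uk"),
    ("carol@example.net", "smtp.example.net"),
    ("dave@notgmail.com", "out.notgoogle.com"),  # look-alike: must not count as gmail.com
]

# Assumed list of domains the tally tracks, and how like-named ones are grouped
# under the page's "{...}" notation (the page names google.com and google.co.uk
# as one such group; the report's real lists are not on the page).
TRACKED = ["gmail.com", "google.com", "google.co.uk", "example.net"]
GROUPS = {"google.{...}": ["google.com", "google.co.uk"]}


def in_domain(name, domain):
    """True if name is domain itself or a subdomain of it.

    The comparison is on whole labels: 'notgoogle.com' is not inside
    'google.com', which a plain endswith('google.com') check would get wrong.
    """
    name = name.lower().rstrip(".")
    domain = domain.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)


def sender_domain(envelope_sender):
    """Domain part of an envelope sender address."""
    return envelope_sender.rsplit("@", 1)[1]


def match_tracked(name, tracked):
    """Most specific tracked domain that name falls under, or None if untracked."""
    hits = [d for d in tracked if in_domain(name, d)]
    return max(hits, key=len) if hits else None


def group_label(domain, groups):
    """Replace a domain by its group label (e.g. google.{...}) if it belongs to one."""
    for label, members in groups.items():
        if any(in_domain(domain, m) for m in members):
            return label
    return domain


def report_key(envelope_sender, sending_host, tracked=TRACKED, groups=GROUPS):
    """Build the 'From: X via Y' key for one message, eliding 'via' when X == Y."""
    x = match_tracked(sender_domain(envelope_sender), tracked)
    y = match_tracked(sending_host, tracked)
    if x is None or y is None:
        return None  # untracked sender or host: not counted
    x, y = group_label(x, groups), group_label(y, groups)
    return f"From: {x}" if x == y else f"From: {x} via {y}"


def count_messages(messages, tracked=TRACKED, groups=GROUPS):
    """Tally messages by report key, skipping untracked ones."""
    keys = (report_key(s, h, tracked, groups) for s, h in messages)
    return Counter(k for k in keys if k is not None)


if __name__ == "__main__":
    for key, n in count_messages(SAMPLE_MESSAGES).most_common():
        print(f"{n:5d}  {key}")
```

On the constructed sample this yields two messages under “From: gmail.com via google.{...}” (the sub.gmail.com sender and the google.co.uk host both fold into their parents) and one under “From: example.net” with the “via” elided; the notgmail.com message is not counted at all.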