Though there was at least one successful high-profile phishing attack against a Gmail user in 2016, Google is aggressively defending its millions of Gmail users.
SAN FRANCISCO—Google’s Gmail web email service is used by millions of companies and consumers around the world, making it an attractive target for attackers. In a session at the RSA Conference here, Elie Bursztein, anti-fraud and abuse research team lead at Google, detailed the many technologies and processes that Google uses to protect users and the Gmail service itself from exploitation.
At the core of Google’ Gmail defenses are deep learning artificial intelligence systems. Bursztein told the capacity crowd that Google’s deep learning has been continuously improved over the years and is now 99.9 percent accurate in detecting spam email.
The deep learning capabilities that Google has deployed involve both software and hardware assets. Bursztein said Google has built and deployed dedicated ASICs (application specific integrated circuits) to accelerate the deep learning workflow, helping Gmail to stay ahead of spammers and email threats.
There are also a host of internet standards that help Google keep its Gmail users safe. Among those standards is STARTTLS, which as the name implies, starts TLS (Transport Layer Security) to encrypt email data transfer. SMTP (Simple Mail Transfer Protocol), which is the protocol used to enable email, does not by default make use of encryption, potentially exposing email users to the risk of message interception.
While Google is a big advocate of STARTTLS, Gmail isn’t the only provider of email inboxes and not all email connections are secure. However, Bursztein said the trend in the last few years has been moving in the right direction. At this point in 2017, he said that 80 percent of inbound email to Gmail inboxes is encrypted, while 87 percent of outbound email is encrypted.