Gmail, one of the most popular email services in the world, has announced some of its biggest security updates to fight spam and phishing. The new features include improved spam filters, sender authentication, and brand indicators for message identification (BIMI).
Gmail has been using a machine learning model called RETVec to evaluate the importance of email messages and filter out spam. RETVec stands for Relative Email Text Vectorizer, and it works by assigning a numerical score to each email based on its content, context, and sender information. The higher the score, the more likely the email is relevant and important to the user.
RETVec has been proven to be highly effective for security and anti-abuse applications, as it can detect subtle patterns and nuances in email messages that are often missed by traditional spam filters. For example, RETVec can identify phishing emails that use deceptive language or impersonate legitimate senders.
Gmail has been using RETVec for over a year, and has seen significant improvements in its spam detection and user satisfaction. According to Google, RETVec has helped reduce spam by 99.9% and increased user engagement by 10%.
How sender authentication works in Gmail
Another security feature that Gmail has introduced is sender authentication, which requires bulk email senders to prove their identity and ownership of their domain name. This helps prevent spoofing, which is a common technique used by spammers and phishers to trick users into opening malicious emails or clicking on harmful links.
Gmail uses two methods to authenticate senders: SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). SPF is a protocol that allows domain owners to specify which IP addresses are authorized to send emails on their behalf. DKIM is a protocol that allows domain owners to sign their emails with a cryptographic key that can be verified by the recipients.
Gmail will display a warning message or mark the email as spam if the sender fails to authenticate their email address using SPF or DKIM. Gmail will also display a red question mark icon next to the sender’s name to indicate that the email is unauthenticated and potentially unsafe.
How BIMI enhances email identification in Gmail
BIMI, which stands for Brand Indicators for Message Identification, is a new feature that Gmail is testing to help users identify and trust the emails they receive from verified brands. BIMI allows brands to display their logos next to their email messages in Gmail, as long as they meet certain security and authentication standards.
BIMI works in conjunction with DMARC (Domain-based Message Authentication, Reporting, and Conformance), which is a protocol that helps domain owners prevent unauthorized use of their domains by spammers and phishers. DMARC allows domain owners to set policies on how to handle unauthenticated or spoofed emails, such as rejecting them or reporting them to the domain owner.
Gmail will display the brand logo next to the email message if the sender has a valid DMARC policy and a verified BIMI record. This will help users recognize and trust the emails they receive from legitimate brands, and avoid falling victim to phishing or scam attempts.
Conclusion
Gmail is constantly improving its security features to protect its users from spam and phishing. The new features, such as RETVec, sender authentication, and BIMI, are designed to enhance the user experience and satisfaction, as well as the security and reputation of the email service. Gmail users can expect to see less spam and more relevant and trustworthy emails in their inbox.