dk_jb
asked on
Warning in Gmail: "Some recipients use services that don't support encryption"
When I send from a Gmail to some domains, I get the warning: Some recipients use services that don't support encryption
I have 2 different domains. On the same mailserver, with the same setup, but on one domain I get this warning, on the other domain I don't.
Any idea what causes this warning, and how to resolve it?
Google does not give much help.
/Jan
ASKER
Hi LVL 65,
Both domains are on the same mailserver, and use TLS when available.
TLS was enabled on the server a long time ago, and therefore at the same time for both domains.
How will Gmail know if a domain uses TLS? The open padlock appears in a split second, even on a domain that I have never sent to before.
What headers are we talking about, to or from Gmail?
/Jan
Google does it by checking past records, which probably may not be updated if that domain is already having to support TLS.
Past messages sent to the recipient's domain are used to predict whether the message you're sending won't be reliably encrypted. See this and you can try testing out the domain -
https://transparencyreport.google.com/safer-email/overview
What is being counted in this report?
We count message recipients, not SMTP connections. We don’t count emails our systems flag as spam. We don’t count inbound messages from hosts whose forward or reverse DNS is missing or inconsistent. This is to ensure that inbound messages can be meaningfully attributed, since a message sender can assert any “From” address that he wants.
The mail has header details which trace the different mail servers before it is delivered to your inbox. See example.
https://community.letsencrypt.org/t/how-to-meet-gmails-new-2016-email-tls-requirement-red-lock/28097/2
ASKER
Hi LVL 65,
The headers look like this:
Received: from gn35.gullestrupnet.dk (gn35.gullestrupnet.dk. [89.249.3.135])
        by mx.google.com with ESMTPS id z64si2164808wmc.261.2017.11.16.21.53.44
        for <gullestrupnet.jb@gmail.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
        Thu, 16 Nov 2017 21:53:44 -0800 (PST)
So if I understand you right, it's sent with TLS, and it's just a matter of time before Gmail has received enough to change its valuation from unsafe to safe?
/Jan
ASKER CERTIFIED SOLUTION
For author advice.
1. Incoming messages that didn’t use TLS.
2. Gmail will also show when you’re sending messages to services that don’t use TLS when accepting mail.
3. Encryption hasn't worked for a certain email provider in the past.
4. Gmail isn't directly sending the message. For example, this icon might show up if you've set up a custom domain name, such as name@yourdomain.com.
It may be one of the first two reasons (1 or 2) for the different domain mentioned. In this case, encrypting 100% of all email on the Internet requires the cooperation of all online mail providers.
The other two (3 or 4) are wrongly tagged. So it is a false positive, as acknowledged.
https://support.google.com/mail/answer/7039474
You can check the email header for more info on the a/m scenario to identify which is the case.
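The header check suggested above, as an added example that is not part of the original thread: it reads every Received header of a saved message and reports, hop by hop, whether the receiving server recorded TLS. The sample message, its hosts and IDs are constructed; the `version=... cipher=...` comment follows the format of the Gmail header quoted earlier, and other servers may log TLS differently.

```python
import re
from email import message_from_string

# Constructed sample message (hosts, IPs and IDs are made up), newest hop first.
SAMPLE = """\
Received: from mail.example.org (mail.example.org. [192.0.2.10])
        by mx.example.net with ESMTPS id abc123
        for <user@example.net>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
        Thu, 16 Nov 2017 21:53:44 -0800 (PST)
Received: from app01.example.org (app01.example.org [192.0.2.20])
        by mail.example.org with SMTP id def456;
        Thu, 16 Nov 2017 21:53:40 -0800 (PST)
From: sender@example.org
To: user@example.net
Subject: test

body
"""

HOP = re.compile(r"from\s+(?P<src>\S+).*?\bby\s+(?P<dst>\S+)\s+with\s+(?P<proto>\S+)")
TLS = re.compile(r"version=(?P<version>\S+)\s+cipher=(?P<cipher>\S+)")

def tls_hops(raw):
    """Return one dict per Received header describing whether that hop used TLS."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        hop = HOP.search(flat)
        tls = TLS.search(flat)
        proto = hop.group("proto").rstrip(";").upper() if hop else ""
        hops.append({
            "from": hop.group("src") if hop else None,
            "by": hop.group("dst") if hop else None,
            "protocol": proto,
            # RFC 3848: the "S" in ESMTPS/ESMTPSA means STARTTLS was used on this hop.
            "encrypted": bool(tls) or proto in {"ESMTPS", "ESMTPSA"},
            "version": tls.group("version") if tls else None,
            "cipher": tls.group("cipher") if tls else None,
        })
    return hops

if __name__ == "__main__":
    for h in tls_hops(SAMPLE):
        print(h)
```

Received headers only show what each hop recorded for this one message; they do not show the delivery history Gmail uses to predict the warning.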