Google can’t say “mission accomplished” just yet, but the search giant made it clear that the Internet is winning its decade-old war against phishing and spam emails.
In a blog post published Friday, Google said the Internet-wide efforts against unauthenticated emails, which can be used by spammers and phishers to fake email addresses and deceive users, are working. In fact, the vast majority of non-spam email that Gmail users receive is authenticated with standards designed to fight phishing.
“91.4% of non-spam emails sent to Gmail users come from authenticated senders, which helps Gmail filter billions of impersonating email messages a year from entering our users’ inboxes,” Google security researchers Elie Bursztein and Vijay Eranti said in the post.
Since 2004, Internet industry groups and authorities have been pushing for the authentication standards DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF) to be widely enforced. Google said that as much as 74.7% of incoming email on Gmail uses both DKIM and SPF, while 14.4% uses SPF only and 2.25% uses DKIM only. That leaves just 8.6% of emails unauthenticated.
But the war isn’t over yet. As Google points out in the post, phishers can still target unprotected domains, and even protected ones if those rely on weak cryptographic keys. That’s why Bursztein and Eranti suggested using keys of at least 1024 bits, as “the use of weak cryptographic keys — ones that are 512 bits or less — is one of the major sources of DKIM configuration errors (21%).”
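The weak-key problem Google describes is something a domain owner can check for themselves: a DKIM public key is published in DNS as a TXT record of the form `v=DKIM1; k=rsa; p=<base64 DER SubjectPublicKeyInfo>`, and the RSA modulus length inside that blob is what the 1024-bit recommendation refers to. The example below is added here and is not Google's code or anything from the blog post. It includes a small hand-written DER encoder and decoder so that it runs offline: `build_dkim_record` constructs sample records from made-up moduli (the values `(1 << 511) | 1` and `(1 << 2047) | 1` are constructed for illustration and are not real RSA moduli), and `dkim_key_bits` parses a record and reports the modulus size. In practice you would fetch the record for `<selector>._domainkey.<domain>` with a DNS resolver and could let a library such as `cryptography` do the DER parsing; the parsing here is kept minimal on purpose.

```python
import base64
import re

# --- minimal DER encoding helpers (only what an RSA SubjectPublicKeyInfo needs) ---

def _der_len(n: int) -> bytes:
    """DER length: short form below 128, long form (0x80|count, then bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + _der_len(len(content)) + content


def _der_int(value: int) -> bytes:
    """DER INTEGER: big-endian, with a leading 0x00 if the top bit is set."""
    body = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return _der(0x02, body)


# OID 1.2.840.113549.1.1.1 (rsaEncryption), pre-encoded.
RSA_OID = bytes.fromhex("06092a864886f70d010101")


def build_dkim_record(modulus: int, exponent: int = 65537) -> str:
    """Build a DKIM TXT record carrying an RSA SubjectPublicKeyInfo.

    Used only to construct sample records for this example; the moduli passed
    in by the caller are illustrative integers, not real RSA keys.
    """
    rsa_key = _der(0x30, _der_int(modulus) + _der_int(exponent))   # RSAPublicKey
    alg = _der(0x30, RSA_OID + b"\x05\x00")                         # AlgorithmIdentifier
    spki = _der(0x30, alg + _der(0x03, b"\x00" + rsa_key))          # SubjectPublicKeyInfo
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()


# --- minimal DER decoding ---

def _read_tlv(buf: bytes, pos: int):
    """Return (tag, content, position after this element) for the TLV at pos."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def dkim_key_bits(record: str) -> int:
    """Return the RSA modulus size, in bits, of the key in a DKIM TXT record."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = value.strip()
    if tags.get("k", "rsa") != "rsa":
        raise ValueError("not an RSA key: k=%s" % tags["k"])
    # TXT records are often split into several quoted strings; drop any whitespace.
    p = re.sub(r"\s+", "", tags.get("p", ""))
    if not p:
        raise ValueError("empty p= tag (key revoked)")
    spki = base64.b64decode(p)
    tag, spki_body, _ = _read_tlv(spki, 0)          # SubjectPublicKeyInfo SEQUENCE
    if tag != 0x30:
        raise ValueError("p= is not a DER SEQUENCE")
    _, _, after_alg = _read_tlv(spki_body, 0)       # skip AlgorithmIdentifier
    tag, bitstr, _ = _read_tlv(spki_body, after_alg)  # BIT STRING holding RSAPublicKey
    if tag != 0x03:
        raise ValueError("expected BIT STRING")
    _, rsa_key, _ = _read_tlv(bitstr[1:], 0)        # skip unused-bits byte, read SEQUENCE
    tag, modulus, _ = _read_tlv(rsa_key, 0)         # first INTEGER is the modulus n
    if tag != 0x02:
        raise ValueError("expected INTEGER modulus")
    return int.from_bytes(modulus, "big").bit_length()


def is_weak_dkim_key(record: str, minimum_bits: int = 1024) -> bool:
    """True if the record's RSA key is shorter than the recommended minimum."""
    return dkim_key_bits(record) < minimum_bits


if __name__ == "__main__":
    # Constructed sample records: a 512-bit key (the weak case) and a 2048-bit key.
    for label, modulus in (("512-bit", (1 << 511) | 1), ("2048-bit", (1 << 2047) | 1)):
        rec = build_dkim_record(modulus)
        print(label, dkim_key_bits(rec), "weak" if is_weak_dkim_key(rec) else "ok")
```

Run against a real deployment, the same check would take the TXT record returned for your selector and flag anything below 1024 bits for rotation; the 21% configuration-error figure Google quotes is exactly the population such a check is meant to catch.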