Comcast to start encrypting email traffic with Gmail in the coming weeks

The company is currently testing the technology and plans for wider deployment

Responding to reports that it fails to encrypt the majority of its email traffic, Comcast said that it will ramp up domain-to-domain encryption efforts over the next few weeks.

Google released data Tuesday showing how much of the email traffic to and from Gmail is encrypted in an attempt to raise awareness about the benefits of securing email in transit, which requires both sending and receiving servers to support encryption.

Users can secure their webmail connections from snooping by using HTTPS when available, but have no control over how their emails are sent out to the intended recipients by their email providers. According to Google's data, between 40 and 50 percent of email messages sent by other servers to Gmail addresses in May traveled in plain text because those servers didn't support encryption.

The need to secure email in transit became a hot topic after documents leaked by former U.S. National Security Agency contractor Edward Snowden showed that intelligence agencies intercept and collect electronic communications, including email messages, as they travel through the global Internet infrastructure.

Google's data showed that less than 1 percent of emails exchanged between Gmail and Comcast in May were encrypted.

Comcast is currently beta testing TLS (Transport Layer Security) encryption for domain-to-domain email messaging and has enabled it for its email traffic with certain websites and some smaller ISPs, said Charlie Douglas, a spokesman for Comcast, via email. "Since Gmail is a large domain, we plan to gradually ramp up encryption with Gmail in the coming weeks. We'll also implement it with others."

According to Douglas, a Comcast engineer will be on a panel at the Messaging Anti Abuse Working Group (MAAWG) next week to discuss how to drive adoption of domain-to-domain email encryption.

Facebook also ran a test in May and found that almost 60 percent of billions of notification emails it sends every day are encrypted in transit and encouraged more email providers to deploy an encryption technology called STARTTLS.

Join the CSO newsletter!

Error: Please check your email address.

Tags online safetyGooglesecuritycomcastencryptiondata protectionprivacyFacebook

More about Comcast CableFacebookGoogleMicrosoftNational Security Agency

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Lucian Constantin

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place