
Google is enhancing Gmail’s security measures to protect 2.5 billion users from potential attacks. The update includes server-side spam and malware protection, as well as protected email addresses to block potential threats at the source.
Email technology is outdated and open to anyone. Although Google blocks 99.9% of spam and phishing, malicious emails still get through, and new AI-fueled dangers may exacerbate the issue.
Email needs a complete overhaul, resembling encrypted messaging with consent-based contacts and aggressive screening. Elon Musk’s X-Mail could disrupt Gmail, but today’s communication habits favor Slack, Teams, and smartphone apps. Less spam, shorter interfaces, and direct communication better reflect modern work and play.
On the security front, Gmail and other big email platforms lag well behind texting. As I proposed last year, “we need a totally different approach.
- “On-device AI detects spam and harmful emails that bypass central screening and reach inboxes. Too many emails are delivered despite the fact that the email address and presentational “sender” address do not match, even when the latter is an obvious imitation. In 2024, my mailbox contains emails from ‘Apple Support’ or ‘X verification,’ but the senders have random email addresses like ‘sayio[at]hosai.co.jp’.
- An improved opt-in, known sender solution that mimics encrypted communications. Even the distinction between trusted and unknown senders is too simple. Google has made breakthroughs in email sender technology, but it is far from a comprehensive solution. There could be better AI deployment or an easy button for users to participate in a trustworthy discussion and advocate for a sender.
- Rather than increasing the ante at the central level, email security should improve on the front end (device-side). This is where secure browsing and virus defences are heading, leveraging new device AI processing. To achieve the same result, email must be completely redesigned.”
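
The mismatch between display name and sender address described in the first bullet can be checked mechanically. The following is an added example, not code from the article or from Google; the brand-to-domain table and the sample From headers are constructed for illustration.

```python
import re
from email.utils import parseaddr

# Assumed, illustrative table: brand word -> domains that brand really sends from.
BRAND_DOMAINS = {"apple": {"apple.com"}, "x": {"x.com"}, "google": {"google.com"}}
ADDR_IN_NAME = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def sender_domain(address):
    """Lower-cased domain of an address, or '' when there is no local@domain."""
    local, sep, domain = address.rpartition("@")
    return domain.lower().rstrip(".") if sep and local else ""

def domain_matches(domain, allowed):
    """True if domain equals, or is a subdomain of, one of the allowed domains."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_from_header(header):
    """Return the reasons (possibly none) a From header looks like impersonation."""
    name, address = parseaddr(header)
    domain = sender_domain(address)
    if not domain:
        return ["unparseable sender address"]
    reasons = []
    # A brand word in the display name, sent from a domain the brand does not use.
    for token in sorted(set(re.findall(r"[a-z0-9]+", name.lower()))):
        allowed = BRAND_DOMAINS.get(token)
        if allowed and not domain_matches(domain, allowed):
            reasons.append(f"display name claims '{token}' but domain is {domain}")
    # The display name itself shows an address at a different domain.
    shown = ADDR_IN_NAME.search(name)
    if shown and shown.group(1).lower() != domain:
        reasons.append(f"display name shows {shown.group(1).lower()}, sender is {domain}")
    return reasons

# Constructed sample headers (reserved .example domains for the imitations).
SAMPLES = [
    "Apple Support <user7731@mailer.example>",
    '"X verification" <noreply@notify.example>',
    '"billing@google.com" <a1b2@bulk.example>',
    "Apple Support <no_reply@email.apple.com>",
]

def flagged(headers):
    """Map each suspicious header to its reasons; clean headers are left out."""
    results = {h: check_from_header(h) for h in headers}
    return {h: r for h, r in results.items() if r}

if __name__ == "__main__":
    for header, reasons in flagged(SAMPLES).items():
        print(header, "->", "; ".join(reasons))
```

A check like this is a heuristic: short brand words such as "x" will also match ordinary names, so it suits a warning banner better than an outright block.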
Rapid innovation in on-device AI is enabling real-time decision-making on whether a message is hazardous or spam. This could eliminate false emails and lower volume attempts. However, front-end programs and user interfaces need a rethink. Google’s new protections on Google Messages include AI-powered filters and advanced security, protecting users from 2 billion suspicious messages each month. GrapheneOS, Google’s Android hardening software, has expanded its scope to include on-device machine learning models for identifying spam, fraud, or malware.
Google has introduced SafetyCore, a new system service for Android 9+ devices, which provides on-device architecture for secure and private classification. Despite not being open source, SafetyCore can be adopted across multiple email platforms and can be used to lock inboxes beyond specific geographies or domains. The app does not perform client-side scanning of content, preserving user privacy and allowing users to control their data.
Google Messages uses a new app to classify messages as spam, malware, and nudity. This feature requires a dialogue to access. While apps can send local AI models for classification, this is not the same as attempting to report unlawful content. Email security is nearing a tipping point, and a new app, such as a Gmail/email app or a universal “System SafetyCore” app, is needed. Device-side AI defense is expected this year, making protection more instantaneous and private.
Unfortunately, Gmail attacks have never been more sophisticated, and there are no indicators that the server-side strategy will change. In terms of device AI, Apple’s iOS 18 Mail upgrade has fallen short. We’re still a long way from there.
When the idea of a total change to email comes up, those who defend the incremental upgrades and enhancements that platforms have made tend to emerge, rather than stepping back and looking at the technology set as a whole. It is strange that email has changed so little while our other communication mechanisms have altered substantially. It’s time to take a similar, albeit disruptive, approach with email.
Google has made significant progress in protecting Gmail through filtering, server-side AI, and sender verification. But all of this is incremental. In this new world of fully managed, cloud-based email platforms, a step-back review has yet to take place. What is undeniably true is that, given the immediacy of our current environment and the fast-moving threat landscape, if we were in a garage inventing the concept of email for the first time, we would not come up with anything remotely similar to what we have now, even with incremental improvements.
While there are arguments against this, such as formality, auditability, and open access to email, I can’t help but think these are reactionary responses from an industry that wants to change one nudge at a time. But if they don’t disrupt, someone else will. That’s why X-mail elicited such a strong and enthusiastic response when it was introduced. Whatever happens, something will happen. Please expedite that rethink today.