Gmail’s long awaited Transport Layer Security (TLS) requirement for email delivery has finally arrived!
Well, OK, the requirement part is still optional. And as far as we know, deliverability is still very much present with Gmail if you have yet to enable TLS on your outbound connections. Emails without it are still seeing inbox placements and their images are still enabled. Only now, Gmail brings your recipients a gift in the form of a little shiny red open padlock placed at the top corner of each distributed message. See an example here. The end user now gets to view a perplexing image that is paired with their unencrypted email and wonder… “What is this thing?” On the other side of that coin, email marketers who deliver to Gmail without enabling TLS are thinking…”?!?”.
I’m actually a little bit surprised that it’s taking ISPs so long to embrace TLS encryption. Version 1.0 of the TLS specs came out further than just a few years back. Although, I suppose that popular media attention with the likes of Edward Snowden, realization of the Government’s packet sniffing Carnivore program, or even Apple’s un-hackable iPhone have positioned consumers to where they are more focused than ever on personal security measures. As a corollary, Gmail responded by allowing its users to become better informed as to the source of their messages and whether or not the sender even cares to enable TLS encryption before blasting.
So what is TLS?
For those who don’t already know, TLS serves to protect your message with encryption while in route to the recipient’s email box. So despite having all of the proper authentication in DKIM/SPF or DMARC; without encryption, your email can apparently still be hijacked in transit. Allowing unauthorized users to intercept and view your message’s content.
Think of it this way: When you send a regular unencrypted email message, that’s very similar to mailing out a post card. All of the information is available for the postman or anyone handling it to read while in transit. Adding TLS to the equation means that you’ve now taken that postcard and sealed it into an envelope before mailing it.
So now, nobody can read the writing on the postcard until it arrives at its destination and the intended person with access can open the sealed envelope.
Do we need this added security?
I like Gmail’s step up in security here. However, as email marketers, we must first advocate on the side of deliverability in this instance. So while we do just that, let us not forget about how the groundwork and foundation of email delivery was originally designed. In short, email delivery was not necessarily created, with granular authentication and security in mind. That stuff was added later on, particularly when society started utilizing email in just about every aspect of life – everything from banking to legal advice, to any other sensitive intangible piece of information that you can think of. In certain environments such as those, mailbox to mailbox email encryption makes perfect sense and should be advocated and applied accordingly.
However, is it really necessary to apply that layer of security to all emails sent and received? Of course not! Which is why I predict that the little red open padlock will be welcomed into the Gmail inbox for quite some time with non-marketing users. Gmail isn’t going to start putting that message from ol’ grandpa into spam because he emailed you from an unencrypted connection via his Jitterbug senior mobile plan.
Mailbox to mailbox encryption is simply not possible on a universal scale right now; at least not with how the masses are connecting and the various devices employed today. Obviously this goes without saying, but Gmail is responsible for a fairly large swath of active email users today, and for good reason. They are, in my humble opinion, the very best email box on the market. And on that note, the TLS implementation will leave some marketers with a bad taste in their mouth. I’m talking about anyone dependent on large volume email marketing campaigns as a way of doing business that find enabling TLS encryption a difficult task. If this is you, then Gmail’s TLS encryption should be on your radar, if not already.
To conform or not to conform, that is the question
Perhaps you’ve already appeased the email gods by enabling TLS on outbound connections to those who support it. If not…then I have to believe your days of sending bulk email to Gmail users may be numbered. The writing is on the wall and it could be that Gmail’s intention is to not only appease the security skeptics, it will also be largely used to clamp down on email marketing in general. Those who can follow the rules by authenticating as well as encrypting will get more access. Those who fail to conform to this new standard will be met with a locked door or completely funneled into the spam folder, regardless of sender reputation or past user engagement. Granted, that time is still probably a few years away.
Regardless, Gmail is positioning themselves. As of right now, they already know exactly who is trafficking copious amounts of email to their users. The only adjustment needed on their end is to create a threshold on who is or is not a high volume sender. Once they pull the trigger and a baseline is established; if you still haven’t enabled TLS on outgoing nodes, then all bets are off with regards to deliverability there.
The big take-away
If your company uses an email vendor for email marketing and prospecting, then you should inquire about Gmail’s TLS encryption. Ask if they have enabled TLS on your outbound emails to those who support it. Or better yet, just signup for a free Gmail account and run a test to yourself. If you see that little shiny red open padlock in the top corner of the test, then your vendor hasn’t addressed the issue and you may want to consider a more robust platform that can proactively address such environmental changes, like Act-On! We study these industry trends far before they present themselves as an issue. So it’s just business as usual with regards to your email marketing and those Gmail assets.