The proportion of inbound messages that arrive in Gmail properly encrypted has jumped from 50 percent to nearly 70 percent over the past two years, a figure that Google Inc. expects will continue to increase as providers around the world strengthen their security capabilities. But the remaining emails that are still being sent in a plain-text format leave user privacy at serious risk. After years of quietly chipping away at the issue, the search giant and a handful of other web giants are taking the matter into their own hands with a new initiative targeting the outdated technology at the crux of the matter.

The Simple Mail Transfer Protocol (SMTP) has powered most of the world’s email communications since the early 1980s, when the Internet was still a novelty reserved exclusively for government agencies and schools. It’s been revised numerous times since, most recently in 2008, yet has failed to keep up with the fast-evolving security requirements of the modern web. As a result, users are not afforded any sort of inherent protection against the hackers and other prying eyes interested in compromising their private messages. Google, Microsoft Corp., Yahoo Inc. and the three other participants in today’s newly announced effort are proposing to enhance the technology with a specialized security mechanism that can guarantee an email is only read by its intended recipient.

It’s the same goal the companies sought to realize a few years ago with STARTTLS, an extension for SMTP that can automatically apply encryption to messages sent in a plain text format. The mechanism was adopted by several major email providers at the time, but ultimately fell short of changing the status quo due to its loose enforcement approach: The software allows communications to pass unhindered through an unsecure connection if it fails to kick into effect for some reason. And the user isn’t even notified about the issue after the fact, which means that hackers effectively have free reign to intercept data.

In contrast, the new alternative that Google and its partners are now proposing prevents messages from being transmitted if it’s unable to establish an encrypted connection. SMTP STS, as the mechanism is called, also requires the server on the receiving end to verify its legitimately and lets the user know exactly why their their email is blocked in the event of a problem. The functionality can thus effectively cut off a negligent provider from peers that use the extension, which should provide a strong incentive to implement effective privacy controls.

SMPT STS is set to have a particularly big impact on consumers in developing countries, where email providers are often slower to adopt new standards than their Western counterparts. The prospect of being unable to process messages from Gmail, Exchange and Yahoo Mail should persuade even the most stubborn company to catch up with the times.  First, however, Google and its partners will need to have the standard approved by the Internet Engineering Task Force, a process that will likely take some time.

Image via Pixelcreatures