> 86.8% of the emails we received are signed according to the (DKIM) standard (up from 76.9% in 2013). Over two million domains (weekly active) have adopted this standard (up from 0.5 millions 2013).
> 95.3% of incoming emails we receive come from SMTP servers that are authenticated using the SPF standard (up from 89.1% in 2013). Over 7.8 million domains (weekly active) have adopted the SPF standard (up from 3.5 million domains in 2013).
> 85% of incoming emails we receive are protected by both the DKIM and SPF standards (up from 74.7% in 2013).
> Over 162,000 domains have deployed domain-wide policies that allow us to reject hundreds of millions of unauthenticated emails every week via the DMARC standard (up from 80,000 in 2013).
In conclusion, the evidence -- from Google itself -- shows that only as of 2017-18 has HTTPS adoption even remotely compared to that of DMARC adoption's statistics from 2013!
Gmail is terribly behind Chrome in this regard. Google Search began down-ranking sites not SSL protected in 2015, Chrome warned about submitting passwords on insecure forms in 2016, and by 2017 was rolling out or planning to roll out a series of changes to visibly mark insecure pages as insecure, one address bar change at a time.
In that same time, Google launched Inbox in 2015 ... and shuttered it by 2018, redesigning Gmail. They had plenty of opportunities to highlight insecure email transmission, they chose not to.
In 2013, Google published a blog post on DKIM adoption and in 2016, they updated it: https://security.googleblog.com/2013/12/internet-wide-effort...
> 86.8% of the emails we received are signed according to the (DKIM) standard (up from 76.9% in 2013). Over two million domains (weekly active) have adopted this standard (up from 0.5 millions 2013).
> 95.3% of incoming emails we receive come from SMTP servers that are authenticated using the SPF standard (up from 89.1% in 2013). Over 7.8 million domains (weekly active) have adopted the SPF standard (up from 3.5 million domains in 2013).
> 85% of incoming emails we receive are protected by both the DKIM and SPF standards (up from 74.7% in 2013).
> Over 162,000 domains have deployed domain-wide policies that allow us to reject hundreds of millions of unauthenticated emails every week via the DMARC standard (up from 80,000 in 2013).
In conclusion, the evidence -- from Google itself -- shows that only as of 2017-18 has HTTPS adoption even remotely compared to that of DMARC adoption's statistics from 2013!
Gmail is terribly behind Chrome in this regard. Google Search began down-ranking sites not SSL protected in 2015, Chrome warned about submitting passwords on insecure forms in 2016, and by 2017 was rolling out or planning to roll out a series of changes to visibly mark insecure pages as insecure, one address bar change at a time.
In that same time, Google launched Inbox in 2015 ... and shuttered it by 2018, redesigning Gmail. They had plenty of opportunities to highlight insecure email transmission, they chose not to.