Gmail starts scanning images in emails for malware and viruses
On Thursday, Google announced a change to the way Gmail handles images. Traditionally, when an e-mail contains an image, e-mail software fetches the image from a server operated by the mail sender. Now, images will instead be served by "Google’s own secure proxy servers." The main reason for the change is security: protecting the user from potentially harmful content. Despite its safety measures, this feature can be quite annoying, and users should have the option to turn it off.
As luck would have it, Google has noticed this and, as of today, has a new way to handle images within Gmail. All incoming images are now fetched and hosted on Google’s own proxy servers before they reach your desktop or device, and are scanned for malware, viruses or other potentially malicious content in the process. This keeps things safer and more secure for everyone, without the user having to click a link to display the images in an email.
This is mostly a terrific improvement and a good example of how Google frequently outperforms its competitors in offering security improvements such as always-on HTTPS Web encryption, SSL certificate pinning, and two-factor authentication. Unfortunately, Google made another move on Thursday that largely blunts those good works. By default, Gmail will no longer hide remote images. That means that unless users make changes to their default settings, it will be possible for senders to confirm whether a message sent to a Gmail address has been opened.
It's simple for senders to do this. Embed in each message a viewable image—or if you're feeling sneaky, a nearly invisible image—that contains a long, random-looking string in the URL that's unique to each receiver or e-mail. When Google proxy servers request the image, the sender knows the user or message corresponding to the unique URL is active or has been viewed. In Moore's tests, the proxy servers requested the image each subsequent time the Gmail message was opened, at least when he cleared the temporary Internet cache of his browser. That behavior could allow marketers—or possibly lawyers, stalkers, or other senders with questionable motives—to glean details many receivers would prefer to keep to themselves. For instance, a sender could track how often or at what times a Gmail user opened a particular message.
By filtering these images through its own servers, however, Google may have shut out the use of Web bugs or beacons—bits of code that let an advertiser know that an email has been opened. Marketers use images as beacons because, at least until now, services like Gmail would load such images from an advertiser’s own web server. Any image can be a beacon, even an invisible one no more than a pixel wide.
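The two beacon traits described above (a nearly invisible image, and a long, random-looking string in the image URL) can be checked for on the receiving side. The following is an added example, not code from the original article or from Google: a heuristic scanner for an HTML message body, where the length and entropy thresholds, the function names and the sample message are all assumptions made for illustration.

```python
import math
import re
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

def looks_like_token(s, min_len=16, min_entropy=3.5):
    """Heuristic (assumed thresholds) for a long, random-looking identifier."""
    s = re.sub(r"\.\w{2,4}$", "", s)  # ignore a file extension such as .gif
    return len(s) >= min_len and entropy(s) >= min_entropy

class BeaconFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # list of (url, [reasons])

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src") or ""
        if tag != "img" or not src.lower().startswith(("http://", "https://")):
            return  # cid: and data: images are never fetched from the sender
        reasons = []
        if any((a.get(k) or "").strip() in ("0", "1") for k in ("width", "height")):
            reasons.append("tiny")
        style = (a.get("style") or "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden")
        url = urlsplit(src)
        parts = url.path.split("/") + [v for _, v in parse_qsl(url.query)]
        if any(looks_like_token(p) for p in parts):
            reasons.append("unique-token")  # per-recipient or per-message ID
        if reasons:
            self.findings.append((src, reasons))

def find_beacons(html):
    finder = BeaconFinder()
    finder.feed(html)
    return finder.findings

# Constructed sample message body; hosts and tokens are made up.
SAMPLE_HTML = """
<img src="https://cdn.example.com/static/img/logo.png" width="200" height="60">
<img src="https://track.example.net/o/9f3c1a7e5b2d4c8a9e0f6b1d3a7c5e2f.gif" width="1" height="1">
<img src="https://mail.example.org/banner.jpg?rid=Zk3xQ9vT1mB7pLw2Hs8RcY4e" width="600">
<img src="cid:logo@inline">
"""
print(find_beacons(SAMPLE_HTML))
```

The third sample image is full-size yet still flagged, because a unique identifier in the URL is enough to confirm an open regardless of how visible the image is.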
Those who prefer to authorize image display on a per message basis can choose the option “Ask before displaying external images” under the General tab in Settings. That option will also be the default for users who previously selected “Ask before displaying external content”.
Similar to existing features like default https access, suspicious activity detection, and free two-step verification, image proxying is another way your email is protected. This new improvement will be rolling out on desktop starting today and to your Gmail mobile apps in early 2014.
Reviewed by Ankit Kumar Titoriya on 00:58