Posted:


From the day we launched, Gmail has supported something called https. Https keeps your mail encrypted as it travels between your web browser and our servers, so someone sharing your favorite coffee shop's public wifi can't read it. Your bank and credit card websites use this same protocol to protect your financial data. Typically, free webmail services don't support https, but from the beginning we wanted to build a product so solid you could run a company on it -- we developed Gmail by running our own google.com mail on it -- so security is something we took seriously right from the start.

We use https to protect your password every time you log into Gmail, but we don't use https once you're in your mail unless you ask for it (by visiting https://mail.google.com rather than http://mail.google.com). Why not? Because the downside is that https can make your mail slower. Your computer has to do extra work to decrypt all that data, and encrypted data doesn't travel across the internet as efficiently as unencrypted data. That's why we leave the choice up to you.

We care about your security today just as much as we did when we launched, which is why we're constantly working on improvements like the recently launched last account activity and remote sign out. Today, we're making it even easier for you to use https to protect your mail every time you access it. We've added an option to Settings to always use https. If you don't regularly log in via unencrypted wireless connections at coffee shops or airports or college dorms, then you might not need this additional layer of security. But if you want to always use https, then this setting makes it super easy. Whenever you forget to type https://mail.google.com, we'll add the https for you. If you already have the https URL bookmarked, using this setting will ensure you access your account via https even when you don't use your bookmark. Any http link to Gmail (for example, the one at the top of Google.com) will be automatically redirected to https.


We're in the process of rolling this feature out to all Gmail and Google Apps users, so check back in your Settings menu if you don't see it right away. In the meantime, you can go directly to https://mail.google.com right now if you're nervous about snoops. (Or https://mail.google.com/a/example.com if your Google Apps domain is example.com.) Google Apps Premier Edition admins will also be able to select SSL connections for their users via a new preference in the control panel we'll be rolling out shortly.

P.S. Some products that connect to Gmail, like Google Toolbar, are not yet compatible with https. We're working to identify issues like this and get them fixed, so visit your product's Help Center if you encounter problems after enabling this setting. In particular, check out this Gmail Help Center page if you use the Gmail mobile app, as you may initially hit an error when you try to use it (we're working on a fix).

Posted:


We've heard from some of you that Gmail's auto-added contacts can lead to too much address book clutter. One of the advantages of automatically creating contacts is that all of the addresses you email subsequently show up in auto-complete. We wanted to preserve this benefit while giving you the ability to have a clean, uncluttered contact list, and we've come up with a solution that's rolling out this week. It separates your contacts into two groups: "My Contacts" and "Suggested Contacts."


My Contacts contains the contacts you explicitly put in your address book (via manual entry, import or sync) as well as any address you've emailed a lot (we're using five or more times as the threshold for now).

Suggested Contacts is where Gmail puts its auto-created contacts. By default, Suggested Contacts you email frequently are automatically added to My Contacts, but for those of you who prefer tighter control of your address books, you can choose to disable usage-based addition of contacts to My Contacts (see the checkbox in the screenshot above). Once you do this, no matter how many times you email an auto-added email address it won't move to My Contacts.

We realize there's a lot more we can do to make Gmail contacts even more useful, but let us know what you think so far.

Posted:


Last week, we launched a new version of Google Talk designed specifically for the iPhone. It works right in your Safari browser, so there's no need to download or install anything -- just go to talk.google.com and sign in.*

Because this version of Talk is designed to run in your browser, you'll be automatically signed out of Talk when you navigate to a different browser window or iPhone app. So while it's not a traditional "always-on" instant message client, it's useful for changing your status message on the go or checking in to see if someone's online and sending them a quick chat. It's equally nice for killing time at the airport.

*Google Apps users: visit http://talkgadget.google.com/a/your-domain.com/talkgadget/m from your iPhone's browser, but be sure to replace 'your-domain.com' with your actual domain name.

Posted:


Phishing messages are a form of spam that attempt to deceive recipients to gain access to their personal information. A classic one is a message that appears to come from PayPal and attempts to get someone's PayPal password in order to drain his or her account. These fraudulent messages often look very official and can fool people into responding with personal information.

Gmail does its best to put a red warning label on phishing messages, but it can be hard for us to know sometimes and we can't be 100% perfect. So, for the fraction of a time when Gmail misses it, you may end up squinting three times and turning the message sideways before suspecting that it's phishing. Wouldn't it be better if you never saw phishing messages at all, not even in your spam folder? Since 2004, we've been supporting email authentication standards including DomainKeys and DomainKeys Identified Mail (DKIM) to verify senders and help identify forged messages. This is a key tool we use to keep spam out of Gmail inboxes. But these systems can only be effective when high volume senders consistently use them to sign their mail -- if they're sending some mail without signatures, it's harder to tell whether it's phishing or not. Well, I'm happy to announce today that by working with eBay and PayPal, we're one step closer to stopping all phishing messages in their tracks.

Now any email that claims to come from "paypal.com" or "ebay.com" (and their international versions) is authenticated by Gmail and -- here comes the important part -- rejected if it fails to verify as actually coming from PayPal or eBay. That's right: you won't even see the phishing message in your spam folder. Gmail just won't accept it at all. Conversely, if you get a message in Gmail where the "From" says "@paypal.com" or "@ebay.com," then you'll know it actually came from PayPal or eBay. It's email the way it should be.

eBay and PayPal have worked hard to ensure that all their email is signed with DomainKeys and DKIM. Armed with this information, Gmail can easily reject as a fake anything that doesn't authenticate. We've been testing this for a few weeks now and it's working so well that few people really noticed.
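The reject-on-failure policy described above can be sketched as follows. This is an added example, not Gmail's implementation: it assumes an upstream DKIM verifier has already stamped each message with an Authentication-Results header under the hypothetical hostname mx.example.net, and that subdomains of the two named domains fall under the same policy.

```python
import re
from email import message_from_string
from email.utils import parseaddr

PROTECTED = {"paypal.com", "ebay.com"}   # the two domains the post names
TRUSTED_AUTHSERV = "mx.example.net"      # assumption: our own verifier's id

def from_domain(msg):
    """Domain of the From address, lower-cased ('' if it cannot be parsed)."""
    addr = parseaddr(msg.get("From", ""))[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def dkim_pass_domains(msg):
    """Signing domains (header.d) that passed DKIM, per trusted headers only."""
    passed = set()
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # senders can forge this header; ignore foreign copies
        for m in re.finditer(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", results, re.I):
            passed.add(m.group(1).lower())
    return passed

def is_under(domain, parent):
    """True for the parent itself or a real subdomain, not a look-alike suffix."""
    return domain == parent or domain.endswith("." + parent)

def verdict(raw):
    """'accept', 'reject', or 'normal-filtering' for mail outside the policy."""
    msg = message_from_string(raw)
    dom = from_domain(msg)
    protected = next((p for p in PROTECTED if is_under(dom, p)), None)
    if protected is None:
        return "normal-filtering"
    # The passing signature must belong to the domain the From line claims.
    if any(is_under(d, protected) for d in dkim_pass_domains(msg)):
        return "accept"
    return "reject"

# Constructed sample messages (not real mail).
SIGNED = ("Authentication-Results: mx.example.net; dkim=pass header.d=paypal.com\n"
          "From: PayPal <service@paypal.com>\nSubject: Receipt\n\nbody\n")
FORGED = ("Authentication-Results: mx.example.net; dkim=pass header.d=evil.example\n"
          "From: PayPal <service@paypal.com>\nSubject: Verify\n\nbody\n")
```

The check keys on the From address only, so a message that puts "service@paypal.com" in the display name while sending from another domain falls outside this policy and is left to ordinary filtering.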

We think it's great that PayPal and eBay have taken on the challenge of securing email, and we're pleased to have put our best efforts together to make this work. It's a bold move, but one that will really help fight phishing. Our hope is that this will set a good example for other organizations to follow (yes, it can be done!) and that over time more and more email will become trustworthy.

Posted:


Your email account can contain a lot of personal information, from bank alerts to love letters. Email that, I'm sure, you don't always want other people to see. We understand how important your Gmail accounts are to you, so we're adding a new layer of information and control. With this new feature, you can now track your recent sessions and you can also sign yourself out remotely.

If you are anything like me, you probably sign in to Gmail from multiple computers. I, for example, occasionally sign into my Gmail account from a friend's house when I need to check an important email. Usually I remember to sign out, but every once in a while I wonder if I really did. Now I no longer have to wonder.

At the bottom of your inbox, you'll see information about the time of the last activity on your account and whether it's still open in another location:



Using the above example, a quick glance at the footer while I'm at work shows that my account is indeed open in one other location. But I recognize the IP address - it's my computer at home. Turns out I left my Gmail account open when I left home in a hurry this morning.

Your IP address, or Internet Protocol address, is a number associated with your computer when you connect to the Internet. Some of you might want to know your IP address numbers (more info on finding out your IP address below) for an extra layer of control. For others who don't want to think about IP information, you don't need to.

Continuing with the above example, I can see more details about my recent activity by clicking on the Details link:



The top table, under "Concurrent session information," indicates all open sessions, along with IP address and "access type" -- which refers to how email was retrieved, for example, through iGoogle, POP3 or a mobile phone. The bottom table, under "Recent activity," contains my most recent history along with times of access. I can also view my current IP address at the very bottom of this window, where it says "This computer is using IP address..."

With this information, I can quickly verify that all the Gmail activity was indeed mine. I remember using Gmail at the times and locations listed. Being extra cautious, I can also click on the "Sign out all other sessions" button to sign out of the account I left open at home.

Note: We are in the process of rolling this feature out to the latest version of Gmail, which is available for Firefox and Internet Explorer 7.

Posted:


When we launched the Gmail blog exactly one year ago, our goal was to provide you with new feature announcements, insight into how the Gmail team works, and tips on how to become a Gmail ninja. We hope you've enjoyed reading our posts, and to celebrate our birthday, here's a look back at the past year and a recap of our 10 most read tips:

10) Have Gmail do your laundry - How to suggest new features for Gmail. We always like hearing from you.

9) Tips for importing old email to Gmail - A post on how to make the switch to Gmail as seamless as possible.

8) Edit contacts right from your chat list - When we released the newest version of Gmail, it came with some new bells and whistles. This one will help you clean up your chat list and change contact information quickly.

7) 2 Hidden ways to get more from your Gmail address - You can insert certain characters to your email address to get additional names out of it -- all of which still make it to your inbox.

6) How to find any email with Gmail search - To take the best advantage of Gmail search, we explain how to use search operators so you can find any email the first time.

5) 5 little-known Gmail features you may not yet know about - When we released the newest version of Gmail, there were a bunch of really useful features people didn't yet know about. So we told you about them.

4) Top 10 little known Gmail features (and Part 2) - In this post, we explained ten Gmail features that people generally didn't know about. From "custom from" to creating events in Gmail, this post goes over key features any serious Gmail user needs to know.

3) Getting Gmail anywhere: IMAP versus POP - A lot of people choose to get Gmail on mobile phones and desktop mail clients, so we went over the two most popular ways people do so and showed the key benefits of using IMAP -- which we've provided for free since the fall.

2) 3 Gmail Labs features that will spice up your inbox - This post covers how to enable and use the most popular Gmail Labs features: Superstars, Pictures in chat and Quick Links.

1) 9 reasons to archive - From the sophisticated to the snarky, these tips fueled the most viewed post in Gmail blog history. If this doesn't get you to archive, then we don't know what will.

Thanks for reading this past year, and we hope to provide even more tips this year -- so stay tuned.

Posted:


For those of you using newly released Firefox 3, or willing to give it a try, you can take advantage of a new feature that lets you set Gmail as the default for all email links -- those that contain "mailto:" in them. If you're like me and don't have a default email client set up, then clicking these links typically launches an installation wizard for a desktop mail client, or opens some email software that you don't actually use.

Now you can configure Firefox to launch Gmail when you click on email address links and avoid the hassle. The folks over at Lifehacker published these tips on how to set it up:

1) Go to Gmail and sign in.

2) While in Gmail, copy and paste the following into your browser's address bar and hit enter.

javascript:window.navigator.registerProtocolHandler("mailto","https://mail.google.com/mail/?extsrc=mailto&url=%s","Gmail")


Google Apps users can use this code (but be sure to replace yourdomain.com with your Google Apps domain name):

javascript:window.navigator.registerProtocolHandler("mailto","https://mail.google.com/a/yourdomain.com/mail/?extsrc=mailto&url=%s","Gmail")


3) Click "Add Application" when you are prompted [1]. Congrats, you just added Gmail to your browser's list of mail clients.



4) To set Gmail as your default, click on this link and you will be prompted with a dialog box listing available email applications. By selecting Gmail and checking "Remember my choice for mailto links" you won't have to tell your browser again. (You don't actually need to send an email after you click that link.)



You can always change this setting by going into "Tools" > "Options" (or "Firefox" > "Preferences," for Mac users) selecting "Applications" and going to the "mailto" option. There's a drop down next to the option that lets you change your default. Clicking "Application details" will take you to a settings page where you can completely remove Gmail or other mail apps.



[1] If nothing happens when you enter the code, double-check that you copied the entire snippet correctly. If still nothing happens, you probably changed an advanced setting (maybe without even knowing) and need to set it back to its default. To do so, type about:config into your browser's address bar and make sure that network.protocol-handler.external.mailto is on the default setting: true.