On March 7, 2019, Google announced that they launch their new feature: Gmail confidential mode in beta. This feature allow G Suite users with Gmail enabled sending emails with expiration date, in additional, the recipients won’t be able to forward, copy, print, or download email content or attachments and sender can be revoke email message any time.
I am super exited about the this features. how come an email couldn’t be forwarded? How does Google delete / revoke e-mails that already sent to another e-mail servers? Therefore, let’s find out!
Getting Started
This feature will become generally available (GA) on June 25, 2019 and will be set to default ON for all domains with Gmail enabled. So before the date, you need to be G Suite admin to enable this feature.
To enable confidential mode for G Suite organisation, go to the Admin console and navigating to Apps > G Suite > Settings for Gmail > User settings. There will be select option to Enable confidential mode.
End Users - Sender
Once Gmail confidential mode is activated by admin, users can use Gmail confidential mode. When they compose an email, there is a button to enable confidential mode for the email.
If users click on the button, it opens the Gmail confidential mode user settings dialog box where they can modify the settings:
Users can set an expiration date for messages and messages can revoked by sender at any time. When choosing “No SMS passcode” option, Google will send passcode to recipients by email.
End Users - Recipient’s
I tried sending an email with confidential mode enabled from G Suite to non Google-related e-mail service (in this case is cPanel), the results is like this:
When user sends a confidential message, Gmail replaces the message body and attachments with a unique link. Only the subject and body containing the unique link are sent via SMTP. There’s no other special email headers set by Gmail confidential message. So, that’s the reason why sender can revoke the mail message: the mail body and attachment are kept at Google servers. The recipient’s are forced to read confidential email message from the generated link.
When recipient’s click at message link, a new tab in recipient’s browser will open and recipient’s need to click on “SEND PASSCODE” button. The one-time passcode will be sent to the recipient’s e-mail (or phone number if sender choose “SMS passcode” option).
After verifying passcode, recipient’s will be able to see the original email message.
Google Really Keeps Their Words
On the “simple” message page, Google really keeps his word: there are no “forward message” button. Recipient’s won’t be able to print or copy the message contents because shortcut features CTRL + P for printing pages, and mouse click on message body is disabled. Trying to print using browser menu options won’t help because message body CSS likely set to @media print { display: none !important; }.
The most interesting thing is when opening the developer console/inspect element (look at the picture below).
tracking, or at least they know that I’ve access (maybe as the owner, or an unauthorized user) of recipient’s email. Yes, Google know that recipient’s email (in this case [email protected]) having relations or linked to my personal gmail account. :)
Conclusions
- Removes the option to forward, copy, download or print messages reduce the risk of confidential information being accidentally shared with the wrong people.
- Protecting sensitive content in your emails by creating expiration dates and additional authentication via text message to view an email makes it possible to protect data even if a recipient’s email account has been hijacked while the message is active.
- Although confidential mode helps prevent the recipients from accidentally sharing your email, it doesn’t prevent recipients from taking screenshots or photos of messages or attachments.
- Recipients who have malicious programs on their computer may still be able to copy or download your messages or attachments.
- When sending emails, subject header should not contain any confidential content.
