A basic best-practice for email servers is to use TLS (Transport Layer Security) when they connect to one another, which guards against "man in the middle" attacks that would allow attackers to read or change emails while they travel between mail-servers.
This "opprtunistic encryption" still falls short of the mark for real security, but it is a major improvement over unencrypted email transport. The gold standard would be end-to-end encryption, as with GPG/PGP, which guards against your someone at your email provider intercepting or changing your email -- Google announced an end-to-end Gmail plugin in 2014, but there hasn't been much visible progress on it since then.
For Safer Internet Day, the Gmail team has announced a set of new warnings that will pop up when you send or receive emails that don't have transport-layer security. You'll be advised to consider not corresponding with that person, and their profile photo will be replaced with a question-mark to indicate that you can't be sure of who you're talking to.
It's a great first step and an easy win for a better email system -- but until Gmail starts shipping end-to-end encryption, the service will be missing a key piece of security.
Of course, it takes at least two people to send and receive an email, so it’s really important that other services take similar measures to protect your messages---not just Gmail. Unfortunately, not all email services do. And that’s why, starting this week in Gmail on the web, you’ll see two changes that highlight any affected messages:
1. If you receive a message from, or are about to send a message to, someone whose email service doesn’t support TLS encryption, you’ll see a broken lock icon in the message.
2. If you receive a message that can’t be authenticated, you’ll see a question mark in place of the sender’s profile photo, corporate logo, or avatar.
Making email safer for you
[John Rae-Grant/Gmail Blog]
(via Ars Technica)