Wednesday 29 May 2019

Avoiding Gmail's confidential mode

So this is one of the very few (maybe the first?) blog entries I've written that aren't directly related to PostgreSQL, however, it does affect how I (and others) may work on the project.

Last night I received email from Google about my personal G Suite account which I use for all my day-to-day email, which for the most part is related to work on pgAdmin and PostgreSQL. Google were proudly announcing the rollout of their new Gmail Confidential Mode update. If you've not come across this yet, then essentially what it does is allow users to send emails that can be deleted or expired after a certain amount of time, optionally require SMS verification to open them, and prevent printing (but not screen-shots of course), forwarding or downloading etc.

When using the Gmail web interface, this all works fairly seamlessly. I can see why some people would want it if that's all they use, however, like many people, I also use other clients, for example, via IMAP. In that case, instead of the original email Gmail sends a placeholder email to replace the actual message which contains a link to allow you to login to Google and view the message online (assuming the SMS verification passes and the message hasn't been deleted or expired of course). That's going to be quite inconvenient to me, besides which, I really don't want anyone to be able to control access to emails they've sent me, after I've received them.

There's another problem affecting PostgreSQL's mailing lists however. How long will it be until someone sends such a message to one of the PostgreSQL lists, where it will do nothing but clutter up the archives and annoy other users (who won't be able to read the message anyway as they won't be able to login to Google as or whatever the list address was)?

Fixing the PostgreSQL mail servers

After some discussion with some of the PostgreSQL sysadmin team, we discovered that Gmail adds a header to the messages that have confidential mode enabled (X-Gm-Locker: <token>). This is easy for us to deal with - Stefan was very quickly able to add a rule to the Exim configuration on our inbound SMTP servers that will immediately reject any messages with this header, sending a message back to the user explaining why their message was rejected, and to resend it with confidential mode disabled.

Fixing my Gmail outbound email

Disabling confidential mode for my own outbound email was pretty easy:
  1. Select the option to "Manage this domain"
  2. Navigate the G Suite admin interface to Apps -> G Suite -> Gmail -> User Settings.
  3. Under Confidential Mode, set the Disable option, and save the settings.
Now, confidential mode will no longer be available in the compose message interface in Gmail. Well, once the settings have propagated around and the UI has refreshed anyway.

Rejecting confidential messages from Gmail

This part is a little more complex, and requires a suitable G Suite account. It will not work with plain Gmail.
  • Select the option to "Manage this domain"
  • Navigate the G Suite admin interface to Apps -> G Suite -> Gmail -> Advanced Settings -> Content compliance
  • Add a policy:
    • Give it a name
    • Select "Inbound" for the email messages to be affected in section 1.
    • Set the option for "If ANY of the following match the message" in section 2, then add a new expression:
      • Set the type to "Metadata match".
      • Select "Gmail confidential mode" under Attribute.
      • Select "Message is in Gmail confidential mode" under Match type.
      • Save the expression.
  • In section 3, select Reject the message as the action and enter a suitable custom message, e.g. "This domain does not accept messages sent with Gmail Confidential Mode enabled. Please disable and resend."
  • Save the settings.
You should now find that email is rejected by Google, if confidential mode is enabled. I had my friend Jonathan send me a test message, which was duly rejected with the message:

550 5.7.1 This domain does not accept messages sent with Gmail Confidential Mode enabled. Please disable and resend. - gcdp z20sor188854uan.2 - gsmtp

There. Normality has been restored.