Security Experts:

Gmail Flags Unauthenticated Messages, Dangerous URLs

Google this week added new alerts to Gmail to improve the security of its users by informing them when messages can’t be authenticated and when they contain dangerous URLs.

Gmail is now alerting users whenever they receive a message that can’t be authenticated with either Sender Policy Framework (SPF) or DKIM, Google announced. The alert comes in the form of a question mark in place of the sender’s profile photo, corporate logo, or avatar.

Additionally, Google is alerting Web users when they click on a URL received via email, if the link directs the user to a dangerous site known for phishing, malware, and Unwanted Software.

Unlike the unauthenticated message alert, which was created for Android users too, the dangerous URL warning will appear when users access their Gmail account via a browser, Google says. The warnings that will appear when clicking on the link are meant as an extension of the Safe Browsing protection that is already available in various web browsers today.

Google Safe Browsing added protection against unwanted applications several months ago, and now both Chrome and Firefox users can take advantage of it. Google also expanded Safe Browsing to Chrome for Android, optimized Safe Browsing API for Mobile, and made improvements to the Safe Browsing Alerts for Network Administrators service.

The new Gmail alerts are launching to Rapid release now, but Google says that scheduled release is coming in 2 weeks. The feature will be rolled out gradually, meaning that it might take longer than 3 days for it to become visible in some cases.

“Not all affected email will necessarily be dangerous. But we encourage you to be extra careful about replying to, or clicking on links in messages that you’re not sure about. And with these updates, you’ll have the tools to make these kinds of decisions,” Google explains in a blog post.

In February this year, Google announced another set of enhancements for the security alerts in Gmail, informing users of potentially unsafe messages in their inbox, such as emails that are not encrypted. In September 2015, the company made various security improvements to Google Drive, such as Enhanced eDiscovery with Google Apps Vault.


view counter