Security Experts:

Connect with us

Hi, what are you looking for?



Gmail Flags Unauthenticated Messages, Dangerous URLs

Google this week added new alerts to Gmail to improve the security of its users by informing them when messages can’t be authenticated and when they contain dangerous URLs.

Google this week added new alerts to Gmail to improve the security of its users by informing them when messages can’t be authenticated and when they contain dangerous URLs.

Gmail is now alerting users whenever they receive a message that can’t be authenticated with either Sender Policy Framework (SPF) or DKIM, Google announced. The alert comes in the form of a question mark in place of the sender’s profile photo, corporate logo, or avatar.

Additionally, Google is alerting Web users when they click on a URL received via email, if the link directs the user to a dangerous site known for phishing, malware, and Unwanted Software.

Unlike the unauthenticated message alert, which was created for Android users too, the dangerous URL warning will appear when users access their Gmail account via a browser, Google says. The warnings that will appear when clicking on the link are meant as an extension of the Safe Browsing protection that is already available in various web browsers today.

Google Safe Browsing added protection against unwanted applications several months ago, and now both Chrome and Firefox users can take advantage of it. Google also expanded Safe Browsing to Chrome for Android, optimized Safe Browsing API for Mobile, and made improvements to the Safe Browsing Alerts for Network Administrators service.

The new Gmail alerts are launching to Rapid release now, but Google says that scheduled release is coming in 2 weeks. The feature will be rolled out gradually, meaning that it might take longer than 3 days for it to become visible in some cases.

“Not all affected email will necessarily be dangerous. But we encourage you to be extra careful about replying to, or clicking on links in messages that you’re not sure about. And with these updates, you’ll have the tools to make these kinds of decisions,” Google explains in a blog post.

In February this year, Google announced another set of enhancements for the security alerts in Gmail, informing users of potentially unsafe messages in their inbox, such as emails that are not encrypted. In September 2015, the company made various security improvements to Google Drive, such as Enhanced eDiscovery with Google Apps Vault.


Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...