Security Experts:

Connect with us

Hi, what are you looking for?



Gmail Flags Unauthenticated Messages, Dangerous URLs

Google this week added new alerts to Gmail to improve the security of its users by informing them when messages can’t be authenticated and when they contain dangerous URLs.

Google this week added new alerts to Gmail to improve the security of its users by informing them when messages can’t be authenticated and when they contain dangerous URLs.

Gmail is now alerting users whenever they receive a message that can’t be authenticated with either Sender Policy Framework (SPF) or DKIM, Google announced. The alert comes in the form of a question mark in place of the sender’s profile photo, corporate logo, or avatar.

Additionally, Google is alerting Web users when they click on a URL received via email, if the link directs the user to a dangerous site known for phishing, malware, and Unwanted Software.

Unlike the unauthenticated message alert, which was created for Android users too, the dangerous URL warning will appear when users access their Gmail account via a browser, Google says. The warnings that will appear when clicking on the link are meant as an extension of the Safe Browsing protection that is already available in various web browsers today.

Google Safe Browsing added protection against unwanted applications several months ago, and now both Chrome and Firefox users can take advantage of it. Google also expanded Safe Browsing to Chrome for Android, optimized Safe Browsing API for Mobile, and made improvements to the Safe Browsing Alerts for Network Administrators service.

The new Gmail alerts are launching to Rapid release now, but Google says that scheduled release is coming in 2 weeks. The feature will be rolled out gradually, meaning that it might take longer than 3 days for it to become visible in some cases.

“Not all affected email will necessarily be dangerous. But we encourage you to be extra careful about replying to, or clicking on links in messages that you’re not sure about. And with these updates, you’ll have the tools to make these kinds of decisions,” Google explains in a blog post.

In February this year, Google announced another set of enhancements for the security alerts in Gmail, informing users of potentially unsafe messages in their inbox, such as emails that are not encrypted. In September 2015, the company made various security improvements to Google Drive, such as Enhanced eDiscovery with Google Apps Vault.


Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


The North Korean APT tracked as TA444 is either moonlighting from its previous primary purpose, expanding its attack repertoire, or is being impersonated by...


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.