To fight phishing and other threats posed by spoofed email accounts and malicious links, Google is enabling new security warnings in Gmail. The new warnings will go some way toward countering the e-mail spoofing tactics that are frequently used in phishing.
Over the next few days, a question mark will be displayed next to the profile pic, avatar, and corporate logo if a message is not authenticated.
Gmail users can already check whether an email is authentic by opening it and clicking the down arrow next to the sender’s name. The checks are done against Sender Policy Framework (SPF) records or the DomainKeys Identified Mail (DKIM) standard, which permits a sender to digitally sign its email. If the mail is genuine, a ‘signed by’ header will be displayed with the sending domain and a ‘mailed by’ header will be displayed with the domain name. The new warnings, though, make these details obvious to end users.
DMARC (Domain-based Message Authentication, Reporting, and Conformance) allows domain owners to tell Google how to deal with messages that are not authenticated. Google’s decision to follow the DMARC protocol is one reason for the new avatar warnings. Users will also see a full-page security warning, telling them not to proceed, if a message in Gmail contains a link to a site that is marked bad by the Safe Browsing standards.
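The SPF, DKIM and DMARC verdicts described above are recorded by the receiving server in an `Authentication-Results` header (RFC 8601). The following added example, which is not Gmail's own code, parses that header and derives the "signed by" / "mailed by" details and the question-mark condition; the sample messages, the `mx.example.net` server name, and the mapping of "signed by" to the DKIM domain and "mailed by" to the SPF domain are assumptions made for illustration.

```python
import re
from email import message_from_string

# Constructed sample messages (not real mail); mx.example.net is a placeholder.
SIGNED = """\
Authentication-Results: mx.example.net;
 dkim=pass header.i=@example.com header.s=sel1;
 spf=pass (sender IP is 192.0.2.10) smtp.mailfrom=bounce@mail.example.com;
 dmarc=pass (p=REJECT) header.from=example.com
From: Alice <alice@example.com>

body
"""
UNSIGNED = """\
Authentication-Results: mx.example.net;
 dkim=none; spf=softfail smtp.mailfrom=someone@example.org
From: Alice <alice@example.com>

body
"""
_COMMENT = re.compile(r"\([^()]*\)")                      # RFC 8601 comments
_RESULT = re.compile(r"^\s*(\w+)\s*=\s*(\w+)(.*)$", re.S)  # method=result props
_PROP = re.compile(r"([\w.-]+)\s*=\s*(\S+)")               # ptype.property=value

def auth_summary(raw_message):
    """Summarise SPF/DKIM/DMARC verdicts from Authentication-Results headers.

    Only trust headers added by your own receiving server; a sender can
    forge this header, so strip or ignore copies from other hosts.
    """
    msg = message_from_string(raw_message)
    out = {"signed_by": None, "mailed_by": None, "dmarc": None}
    for header in msg.get_all("Authentication-Results", []):
        # Drop comments, then skip the leading authserv-id.
        for clause in _COMMENT.sub("", header).split(";")[1:]:
            m = _RESULT.match(clause)
            if not m:
                continue
            method, result, rest = m.group(1).lower(), m.group(2).lower(), m.group(3)
            props = dict(_PROP.findall(rest))
            if method == "dmarc":
                out["dmarc"] = result
            elif result == "pass" and method == "dkim":
                ident = props.get("header.d") or props.get("header.i", "")
                out["signed_by"] = ident.rsplit("@", 1)[-1] or None
            elif result == "pass" and method == "spf":
                out["mailed_by"] = props.get("smtp.mailfrom", "").rsplit("@", 1)[-1] or None
    # Neither SPF nor DKIM passed: the case the question-mark warning covers.
    out["question_mark"] = not (out["signed_by"] or out["mailed_by"])
    return out
```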