New Gmail Alerts Warn of Unauthenticated Senders

Google is expected soon to begin a gradual rollout of new security features in Gmail that warn users if the system could not authenticate the sender of an email message.

Starting this week for browser-based users of Gmail and Android users, Google will display a question mark over a sender’s profile photo or user logo if the message cannot be authenticated with Sender Policy Framework or DKIM.

Unauth Profile Pictures

A new set of warnings will also be displayed for messages containing potentially dangerous links.

“On the web, if you receive a message with a link to a dangerous site known for phishing, malware, and Unwanted Software, you’ll begin to see warnings when you click on the link,” Google said yesterday in a post to its Apps Updates blog. “These warnings are an extension of the Safe Browsing protection available to various web browsers today.”

Safer Links in Gmail

Google has continued to evolve the warnings it presents to users in search results throughout the past couple of years. Malware, phishing, encryption and unwanted or deceptive software warnings have been revamped, and in most cases, been made less technical and more simple for consumers especially to understand.

Google has twice this year updated its Safe Browsing alerts to include deceptive embedded content and enhanced warnings around unwanted and malicious software for network administrators.

The announcement comes on the heels of the release of a study published by Google and the New York University School of Engineering on the distribution of unwanted software.

Specifically, the paper looks at four commercial pay-per-install networks and attempts to classify the software they distribute and measure the impact on users.

“We find that unwanted ad injectors, browser settings hijackers, and ‘cleanup’ utilities dominate the software families buying installs,” the paper’s authors wrote. “Developers of these families pay $0.10–$1.50 per install—upfront costs that they recuperate by monetizing users without their consent or by charging exorbitant subscription fees. Based on Google Safe Browsing telemetry, we estimate that PPI networks drive over 60 million download attempts every week—nearly three times that of malware.”

Google says its Safe Browsing service has gone a long way toward putting barriers in front of these often deceptive downloads.

“Unwanted software isn’t necessarily malware but can include things such as adware or other apps that don’t perform the function they promised, gather user information without the user’s knowledge, spy on users’ activities. or perform other unwanted actions,” Google said last year.

Google said the scheduled release for Gmail for all users is expected within two weeks.