We rely on email to communicate, but because there are many hazards to security and privacy lurking inside your inbox, Google is working to make Gmail a safer place. It's adding features to warn you if you shouldn't trust a sender, or if a correspondent may not be using email encryption.
If Gmail can't verify that the sender of a message is who he, she (or it) claims to be — for example, if the account name says Bank of America, but the message comes from a non-Bank of America mail server — you'll see a big question mark where the sender's avatar normally would be.
This change, detailed in a Gmail blog posting yesterday (Feb. 9), aims to alert users of suspicious email messages. "Spoofed" email addresses that forge the name of the sending domain are often used by spammers, phishers and malware distributors. A spoofed address may dupe many users into believing that a bank really does need their full names, Social Security numbers and online-account usernames and passwords.
Above is a screenshot of an email message we received while writing this story. The message says it's from Microsoft and provides an embedded link to "reactivate" our "Microsoft outlook account." Ironically, the real Microsoft Outlook did nothing to flag this message as being suspicious, and unwitting users may have clicked on the link without thinking twice. Placing a question mark over the sender's avatar would tell users that something is ... phishy.
However, Gmail seems to only flag messages based on their senders. It did nothing to warn us of the above message when we forwarded it to our Gmail account.
The other new Gmail feature will alert users if they send messages to, or receive messages from, correspondents whose email servers can't handle encryption. It's meant to make Gmail users think twice about sending sensitive information in plaintext messages that could be read by intermediaries. If the person with whom you're exchanging messages is using an unencrypted email server, a broken-red-lock icon will appear in the upper right corner of each message.
We remind all users, regardless of email service, to never click on links embedded in unexpected or suspicious email messages, and to always be cautious when emailing important information.