Gmail’s New Approach to Protecting Readers Against Phishing

Spoofing and phishing are on the rise. According to the RSA, more than 260 million emails were sent to consumers every day. A 2010 Symantec report shows more than 95 billion phishing emails were projected to be sent.  Of these fraudulent messages, a significant percent of spoofing is for mailbox providers.

Authentication is one of the key tools we have in the fight against phishing and spoofing, however by itself, authentication just isn’t enough.  There’s a need for multiple initiatives and products to make sure that your brand and your audience is safe. That’s why we created Domain Assurance – an additional way to protect your brand before it gets phished or spoofed.

Another weapon in the fight against these malicious security attacks is a proactive indicator within the webmail or desktop user interface. Gmail recently released a new warning message for emails that could be harmful. Now, when a sender is claiming to be from another Gmail account, but Gmail couldn’t authenticate that account, it is displaying an error message warning the receiver that “This message may not have been sent by: [email protected]” and provides a link to report the possible phishing attack.

This is the first time we’ve seen a “negative” indicator if there is no authentication at all.  This is a little different from Hotmail’s “positive” indicator approach, which has been a trust mark next to selected messages that have passed authentication (“selected” means Hotmail is only doing this for a few hand picked, highly fished brands). What is neat about the Gmail approach is that it solves a problem with more “positive” approaches – if an ISP shows a trust mark next to every message that passes authentication, the mailbox starts to get very cluttered. If you are only showing a negative indicator for domains that you know use authentication a large portion (approaching 100%) of the time, the inbox will be less crowded.

It’s great to see the evolving way that webmail providers are joining the fight to educate consumers and email recipients to the expensive and dangerous emails that may be lurking in their inboxes and what they can do to not only stop it, but be aware of the larger problem.

minute read

Popular stories



BriteVerify email verification ensures that an email address actually exists in real-time


The #1 global data quality tool used by thousands of Salesforce admins


Insights and deliverability guidance from the only all-in-one email marketing solution

GridBuddy Cloud

Transform how you interact with your data through the versatility of grids.

Return Path

World-class deliverability applications to optimize email marketing programs

Trust Assessments

A revolutionary new solution for assessing Salesforce data quality


Validity for Email

Increase inbox placement and maximize subscriber reach with clean and actionable data

Validity for Data Management

Simplify data management with solutions that improve data quality and increase CRM adoption

Validity for Sales Productivity

Give your sales team back hours per day with tools designed to increase productivity and mitigate pipeline risks in real-time