Google is toughening up Gmail’s safeguards to make email just a little bit safer. Soon, you’ll be seeing more warnings about potentially dangerous messages… though what you do about those warnings continues to be entirely up to you.
A bit of background is in order. Google’s Gmail attempts to validate inbound messages using one of two systems.
The first, Sender Policy Framework (SPF), attempts to protect against sender address forgery (what’s commonly called spoofing) by allowing a domain’s owner to publish the IP addresses of the mail servers it uses.
Not all domain owners are willing or able to publish definitive SPF records (for example if they regularly allow third-party email marketing companies to send email for them), but properly-maintined SPF records can help receiving servers like Google’s to check for spoofed email.
The second verification system, DomainKeys Identified Mail (DKIM), allows a sending organization to include a digital signature of the message that a recipient can validate. If the email fails the DKIM check, then it was probably sent by an imposter who didn’t have the necessary signing key to pass the test, or was modified along the way.
Now, if a message can’t be validated by SPF or DKIM, you’ll see a question mark in place of the sender’s profile photo, corporate logo, or avatar.
Unfortunately, a message that can’t be validated isn’t necessarily trouble. But it certainly ought to raise your antennae. Especially if the sender’s asking you for something – like, say, a payment, your bank details or your social security number.
The question mark’s still a bit subtle, but at least you won’t have to click any tiny down-arrows most folks never even knew existed, which is what you had to do before.
There’s nothing subtle at all about Gmail’s second new warning:
If you receive a message with a link to a dangerous site known for phishing, malware, and Unwanted Software, you’ll begin to see warnings when you click on the link… The full-page warning will [say]: Warning – visiting this web site may harm your computer!
That’s pretty clear!
You might not see these changes instantly. According to Google’s 10 August message, its “launching to rapid release, with scheduled release coming in 2 weeks,” and will be rolled out gradually to Gmail’s massive user base.
The new features have been publicized as a boon for companies using Google Apps for Business, but they’re intended for every Gmail user, business or otherwise.Follow @NakedSecurity