Gmail Adds Detailed Sender Information To Improve Security
When I was working in tech support for a large German financial corporation I regularly had to deal with support requests by customers who received phishing emails.
It took a lot to convince the majority of customers that those phishing emails were not sent by the company but by criminals. Especially fake email addresses were a problem, as many could not understand that it was possible to fake the email sender.
It usually helped to use a letter analogy as anyone could add any sender name to a letter.
Google recently announced changes to their email service Gmail that aids users in determining the real sender of an email message.
Google actually has added a series of improvements to Gmail. Email addresses from senders who are not already in a Gmail user's contacts list are now shown prominently in the header. This change makes it easier to identify the sender directly without having to look at the email headers in detail first.
But the changes do not stop here. It sometimes happens that someone sends an email for another user or from another website, for instance by using a web form. This is now also reflected in the email header directly. Gmail users now see the name of the sender as well as the sender's email address and a via link so that you know from where it was sent.
Probably the biggest change from an anti-phishing point of view is a new warning that appears if Gmail believes that the email could have been sent by someone else.
Gmail shows a "This message may not have been sent by" warning underneath the sender with links to learn more and to report a phishing email.
All three additions are visible directly when an email has been opened on the Gmail website. The new information improve security for all Gmail users, provided that those users pay attention to the notifications and additional information.
Especially the first two additions can be overlooked easily due to their gray font color on white background. The phishing warning on the other hand uses a yellow background so that it can be easily spotted by everyone. (via)
That’s fine for web mail people, but what about people using POP mail in a email client? Will they get detailed info about the senders true identity? Heck if I’m going to login to GMail in a browser just to get that feature and give up POP mail.
The email header information is passed to your email client.
Google has no control over what your email software does with it.
Also email add. could be spoofed as well.