Gmail: question marks for unauthenticated senders

Martin Brinkmann
Aug 11, 2016
Email, Gmail

Google announced back in February 2016 that it planned to improve Gmail security by adding new security indicators to the service.

One of the improvements was the introduction of a new red question mark icon in place of the profile photo, avatar or blank icon to highlight unauthenticated emails.

Google announced yesterday that the roll out of the feature started, and that Gmail users on the web and on Android will soon notice the new red question mark icon for unauthenticated messages.

Take a look at the following screenshot which highlights the difference between authenticated and unauthenticated messages on Gmail.

Gmail: question marks for unauthenticated senders

gmail authentication

Google's method for determining the authenticity of a message is the following one: if a message can't be authenticated using DKIM or Sender Policy Framework (SPF), it is marked as unauthenticated.

Gmail, on the web, displays profile icons only when an email is selected, but not in the email listing itself. This means that you will have to click on a message to find out if it is authenticated or not.

Gmail Safe Browsing

Google announced another change yesterday for the web version of Gmail. The company plans to warn users when clicks on links are made that Google believes are dangerous.

On the web, if you receive a message with a link to a dangerous site known for phishing, malware, and Unwanted Software, you’ll begin to see warnings when you click on the link.

The company added its own Safe Browsing technology to Gmail for that. Gmail users who click on unsafe links will get a full page warning message first.

unsafe links gmail

It is still possible to continue to the site in question, but there does not seem to be an option to turn off these warnings for individual sites or even completely.

Google confirms that false positives may happen, and that it sees these new security features more as reminders to be extra careful when interacting with senders or links pointing to the web.

Gmail users should not rely solely on Google to determine whether a sender or link is trustworthy or not. Any email using SPF or DKIM is shown as authenticated, even if it comes from a Nigerian prince or an Iraqi war veteran who sits on a ton of gold.

These security features are merely indicators, and they are probably right more often than not. Still, it is up to the user to determine whether that is the case for individual emails or web links in messages.

Gmail: question marks for unauthenticated senders
Article Name
Gmail: question marks for unauthenticated senders
Google's Gmail service will display unauthenticated messages with a red question mark, and display warnings when unsafe links are clicked on.
Ghacks Technology News

Tutorials & Tips

Previous Post: «
Next Post: «


  1. Elena said on December 14, 2019 at 10:13 pm

    One of my contacts has a red question mark on it. I do reply to what this person says but when he responds back the question mark is gone…what does that mean??

  2. Yaseen Mirza said on May 13, 2019 at 11:29 am

    hello sir,

    just i want to know that, if the Red Question mark with gmail what i mean by
    is this fake male or any other reason, plz kindly give me the reply on this topic
    and what is Authenticated and Un-Authenticated. in the gmail .


    Yaseen Mirza

  3. upsetsb-ex-gmailuser said on December 17, 2016 at 1:40 am

    I Hate this feature! I have to close every bleeping header before I can even SEE the bleeping message! And, this does not even Keep crackers out! If we really want to keep crackers out, we would create better programs that would allow much stronger passwords.

    What programs do we need to create? Each key on the keyboard is assigned a number and we only have so many numbers that can be assigned so that it can communicate with the web and other apps. What if instead, we were to be able to have an external keyboard where we could assign what ever 10 digit number we want to every key, with the only requirement being that no two keys could use the same number, and further more, allow every different combination of “shift, control, alt, caps lock” allow a different number to be assigned to the same key.

    For example: The letter J could have 120 different numbers assigned to it, if every combination was possible (5!). The receiver would remember the number combination it received and encrypt this using a minimum 10 digits per “digit”. 3628800 combinations possible per 1 digit. The humour: Cracker can still capture all this on fake websites, thus not flawless. But, I still think it may offer stronger passwords, and make it harder for crackers to crack.

    If I didn’t have brain damage due to stupid mother, I would have programmed this ages ago! Thus, I give this away for someone else to do. :P

    MENSA people who read, you can ignore this, as this only applies to the trolls who do not read! Please do NOT tell me that we can not do this as it does not exist! I know it does not exist! I am saying that we should create this so that it can exist! Thanks! (Sorry MENSA people! I just had imbeciles argue this way with me before every single time I don’t say this! Just being annoyingly proactive. )

  4. ddk said on August 11, 2016 at 4:26 pm

    Actually gmail is pretty decent, considering the source.
    Very little spam actually gets thru to inbox making for a cleaner email experience.

  5. Maelish said on August 11, 2016 at 3:43 pm

    I like the fact that Gmail is also marking messages with unlocked symbols if they aren’t encrypted.

  6. Dan said on August 11, 2016 at 7:52 am

    These are long overdue. If a sender’s mail host can’t even authenticate their messages via DKIM or SPF, then it’s very fishy. I myself even configured my domain’s gmail-hosted email “v=spf1 -all”, which means that if an email message is not authenticated via SPF, it should be considered fraudulent (which it always is) and must be rejected by other mail servers. Unfortunately, most do honor the hard “-all”.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.