Internet Performance Delivered right to your inbox

What You Should Know About Gmail’s New Anti-Phishing Check

The good people at Google are always making updates and changes to their products, keeping everyone from tech geeks to Mom on their toes when it comes to user experience.

Their Gmail offering is no different and in the past few days, users may have noticed a new snippet of information next to the sender’s name/address designed to give the recipient more insight into who is sending the email that is making it into their inboxes.

This anti-phishing measure is a nice nod toward better insight into email delivery and here’s what you should know about it — especially if you’re delivering email through Dyn.

At the core, this new measure is part of something Dyn preaches: email authentication.

Here’s a simple way to describe this, using someone sending through us as an example:

  • Joe Smith sends normal email from his company account (joe@smithco.com) but he also wants to send marketing messages from an Email Service Provider (ESP) via info@smithco.com.
  • Jill Smith gets regular emails from Joe at her company and wants to sign up for his newsletter. However, her company’s mailserver sees that email from joe@smithco.com and info@smithco.com are coming from two different services and thinks, “Hmmm….this doesn’t match up. Must be spoofing!”, blocking the marketing email.

So how can Joe get both of those emails to opted-in Jill? Email authentication.

Joe can add the ESP’s sending IP range to his company’s SPF record, in addition to setting up domain keys with the ESP. Essentially, this authenticates the ESP to send email from smithco.com on their behalf. Since Joe has to add these in manually, the ability for others to spoof is nearly non-existent.

So what did Gmail do?

They are displaying information found in message headers and pulling that out for display with different looks dependent on what Gmail perceives the relationship with the sender to be. In addition to displaying the email address, they are also showing that name and adding ‘Via’ the server/service being sent from.

I send through Dyn, but I don’t want users to see that. Can I remove it?

Since Gmail looks for that authentication (like the smithco.com example above), adding our sending IPs to your SPF record and establishing domain keys is strongly recommended. That will tell Gmail that things are authenticated and rated AG — All Good.

Want to know if your domain has an SPF setup? Click here, type in your domain name and then click “Get my SPF (If any)”.

If you’re a DynECT Email Delivery customer, log into the application and click “Approved Senders”. If you have an SPF record setup, you’ll see a “Yes” under SPF. And if it says “No”, click on it and it will give you directions on how to setup your specific domain’s SPF record in your DNS.

If you want Gmail’s explanation of all of this, here you go. We think this is a great step by Gmail to further eliminate spam from the sending world and hopefully other email clients follow suit.

Josh Nason is the Inbound Marketing Manager for Dyn, the IaaS (Infrastructure-as-a-Service) leader that features a full suite of DNS and email delivery services for enterprise, personal and small business. Follow on Twitter (joshnason and @dyninc) and check out his blog archive.


Share Now

Whois: Josh Nason

Josh Nason is a Reputation Manager at Oracle Dyn Global Business Unit, a pioneer in managed DNS and a leader in cloud-based infrastructure that connects users with digital content and experiences across a global internet.