Sunday, July 26, 2009

New in Labs: The super-trustworthy, anti-phishing key

New in Labs: The super-trustworthy, anti-phishing key

Posted by Brad Taylor, Gmail Spam Czar

We're always looking for new ways to protect Gmail inboxes from spam and phishing. Last year, we started taking extra steps to protect you from fake eBay and PayPal emails, requiring that any email claiming to come from one of eBay's or PayPal's domains actually comes from them. We do that by looking at the "From" header, and when it says "ebay.com" for example, it means it really did come from ebay.com. Anything else is rejected; it won't even appear in your spam folder because Gmail won't accept it.

Now, unless you are a regular reader of this blog with a photographic memory, you may not be aware of this extra protection. So, we thought we'd add a little something to remind you. Turn on "Authentication icon for verified senders" from the Labs tab under Settings, and you'll see a key icon next to verified emails that are super-trustworthy.










"Super-trustworthy" is a technical term I just invented that means: (1) the sender, usually a financial institution, is a target of phishers, (2) all of the sender's email is authenticated with DKIM, and (3) Gmail rejects any fake messages that claim to come from this sender, but actually don't.

It's a bit of work for sender! s to mak e their email super-trustworthy, which is why this feature is limited to just eBay and PayPal right now. We hope to add more senders in the future, and when we do, you'll know because you'll see the super-trustworthy key icon magically appear by those senders too. Give it a whirl and let us know what you think.