That article mentions a new "security warning" in which:

On the web or Android, if you receive a message that can’t be authenticated with either Sender Policy Framework (SPF) or DKIM, you’ll see a question mark in place of the sender’s profile photo, corporate logo, or avatar.

This has nothing to do with accepting a message for delivery. All it means is that, when neither DKIM nor SPF pass (presumably with alignment), the image used to represent the sender will be replaced by that gray stop-sign with a bold red question mark on it, as demonstrated in the screen shot.

Back before DMARC, SPF was widely deployed and its use of -all and ~all had very low efficacy; blocking based on either would result in blocking vast volumes of legitimate mail.

As of 2016, Google and many others block mail when DMARC invokes its reject policy, so this only affects senders that do not use DMARC p=reject (which can only trigger when neither SPF nor DKIM passes with alignment).

This was an early attempt at something like BIMI (though in the other direction: this is an image to warn of potential spoofing rather than an image that is robust against spoofing) and I think it's a good protective step.
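The decision the answer above describes, as an added Python sketch (not code from the post or from Google): mail is refused when DMARC fails under p=reject, and otherwise shows the question-mark avatar when neither SPF nor DKIM passes with alignment. The function names, outcome labels, the two-label organizational-domain shortcut and the sample Authentication-Results values are assumptions constructed for illustration.

```python
import re

def org_domain(domain):
    # Assumption: organizational domain = last two labels. Real DMARC
    # evaluators consult the Public Suffix List (needed for e.g. co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain):
    # Relaxed alignment: organizational domains must match.
    return org_domain(auth_domain) == org_domain(from_domain)

def parse_auth_results(header):
    """Return [(method, result, domain)] for the spf and dkim entries."""
    found = []
    for part in header.split(";")[1:]:  # first field is the authserv-id
        m = re.search(r"\b(spf|dkim)=(\w+)", part)
        if not m:
            continue
        prop = r"smtp\.mailfrom" if m.group(1) == "spf" else r"header\.[di]"
        d = re.search(prop + r"=(?:[^\s;@]*@)?([\w.-]+)", part)
        found.append((m.group(1), m.group(2).lower(), d.group(1) if d else ""))
    return found

def disposition(from_domain, auth_results, dmarc_policy):
    """Outcome labels are hypothetical names for the cases in the answer."""
    authenticated = any(
        result == "pass" and domain and aligned(domain, from_domain)
        for _, result, domain in parse_auth_results(auth_results)
    )
    if authenticated:
        return "deliver"
    if dmarc_policy == "reject":
        return "reject"  # blocked outright, so no avatar is ever shown
    return "deliver-with-question-mark"

# Constructed sample headers (not taken from real mail).
AR_ALIGNED_SPF = ("mx.example.net; spf=pass smtp.mailfrom=bounce@mail.example.com; "
                  "dkim=fail header.d=example.com")
AR_NO_AUTH = "mx.example.net; spf=softfail smtp.mailfrom=example.com; dkim=none"

if __name__ == "__main__":
    for ar, policy in [(AR_ALIGNED_SPF, "none"), (AR_NO_AUTH, "none"),
                       (AR_NO_AUTH, "reject")]:
        print(policy, "->", disposition("example.com", ar, policy))
```
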
I just noticed a strange email in my sent folder that I did not send. Here is the header information:

To: Mon, 06:54:17 -0700
Subject: bW9KRGdIeTlyMFd2UjZQQVYrQUd0TVJ5N2IrbDlqVXh2NlF6ZUFvaDlaanpRQWwzVmZtVFlwQVo5cXUybmRFbC0ta0VvVDdmakJzVzQz元lQM2lYL0tBQT09-19cd1b1aa0f32659eece53630df822281b44c804

This message was automatically generated by Gmail.

There was no content in the email, just the jumble of characters in the subject. The email address this was sent to is reported a few times on the internet as possible phishing, but it's not clear to me why Gmail would automatically generate an email on my behalf to this address. The "From" field was indeed my actual email address.

I have already changed my password as a precaution, but I am curious: is this anything to worry further about?