Google Workspace Warning About Sender
Have you ever seen warning like the one shown here?
It may have made you wonder if someone was sending you forged email. You should always be on your guard, but there can also be an innocent explanation.
Every message has a complex set of headers that convey information about who the message is from, who it is to, and how it got to where it was going. Your email client typically only shows you a few of these headers, such as To, From, and Subject. The rest are still there, under the covers. There is also hidden information in the body of the message, dividing it into parts, for instance HTML and plain-text variations, or marking the beginnings and end of attachments. These are called MIME parts.
Google and other providers include an anti-spam standard called DKIM on outgoing messages. DKIM provides assurance that your email came from the place that it claims, and that neither the headers nor the body of the message have been altered in transit. This is a good thing.
However, if the mail was first processed by another system (for example, a Cornell or external e-list, an Exchange EGA, or forwarded from a different external account), the message may have been altered enough to trigger this warning.
Google has a support page with a fuller description of this warning message.