Skip to main content

Cornell University

Google Workspace Warning About Sender

Have you ever seen warning like the one shown here? 

It may have made you wonder if someone was sending you forged email. You should always be on your guard, but there can also be an innocent explanation.

Every message has a complex set of headers that convey information about who the message is from, who it is to, and how it got to where it was going. Your email client typically only shows you a few of these headers, such as To, From, and Subject. The rest are still there, under the covers. There is also hidden information in the body of the message, dividing it into parts, for instance HTML and plain-text variations, or marking the beginnings and end of attachments. These are called MIME parts.

Google and other providers include an anti-spam standard called DKIM on outgoing messages. DKIM provides assurance that your email came from the place that it claims, and that neither the headers nor the body of the message have been altered in transit. This is a good thing.

However, if the mail was first processed by another system (for example, a Cornell or external e-list, an Exchange EGA, or forwarded from a different external account), the message may have been altered enough to trigger this warning.

Google has a support page with a more complete description of this warning message.

Comments?

To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.