“This message seems dangerous” problem is common among people using SaasS services or monitoring applications. There are several reasons why Gmail messages display this banner both in your Inbox and in the emails you send to others. If you encounter this problem, several solutions should help fix the problem.
“This Message Seems Dangerous” in inbox emails
If you receive an email and see a “This message seems dangerous” message, try the following steps.
Check the sender of the email
First, find out if the email is from a trusted source. Fake sender names are probably the most common tactic that doesn’t require special hacking skills. For example, sometimes hackers disguise their email to make it look like it came from a trusted person or company. In this way, hackers may replace a character in the address with a similar one, such as using the numeric “0” in place of a capital “O” or a lowercase “l (L)” instead of a capital “I (i)”. It looks like the example is an attempt to impersonate Amazon Fulfillment. However, if you look closely, the sender’s email address looks like [email protected] and is not a valid Amazon email address.
It is also worth paying attention to
- Emails from companies to which you are not subscribed;
- Domains from countries you are not affiliated with;
- Emails from domains you haven’t heard about.
If you come across such an email, you should open it. The sender’s current email address will always appear in bold text above the email’s subject line.
Also, pay attention to suspicious signs in the body of the email, such as spelling errors in names and other questionable things. Remember: Banks, social networking sites, and government agencies never contact you via email for confidential information. If, after the steps you’ve taken, the email looks like it came from someone you’ve corresponded with, there’s one final check you can do to be sure.
Select Compose in the upper left corner of the Gmail window.
Copy the suspicious email address to the panel.
If the address matches a trusted sender with whom you’ve corresponded, their email appears in the drop-down list. However, if nothing occurs, or the emails in the drop-down list don’t match, you’ve probably received a fraudulent email disguised as one from a trusted sender.
It’s important to understand that legitimate senders can also send you malware if their email has been compromised. The most reliable option is to contact the sender outside of Gmail and ask them directly if the email came from them.
If the email is authentic after performing the above checks, click “Looks safe”, and the banner will disappear. That way, Gmail’s AI will know that you trust the sender and will stop displaying the flag. However, sometimes Gmail won’t let you click Looks Safe. Instead, it will just say “Delete” or nothing at all. This happens because Gmail determines that the email is malicious. If you’re still convinced it’s safe, you’ll have to send a request to Google Support to fix the problem. In any case, if you don’t trust the email, don’t click on any links in the email, don’t download any attachments, and don’t reply.
Click Report Dangerous or Report Phishing
If the message is a phishing scam, clicking “Report Dangerous or Report Phishing” is the only right thing. This will move the suspicious email to your spam folder and alert Google’s anti-malware team to help prevent similar phishing attacks. The email will be automatically deleted after 30 days, but you can also delete it manually.
Scan your device
If you downloaded the attachment from the email, run a full computer scan with a high-quality antivirus such as GridinSoft AntiMalware.
“This Message Seems Dangerous” emails I send
If you are sending an email and your recipients are complaining that they are displaying “This message seems dangerous,” here are a few reasons why this might be happening:
- Too many recipients (the system often labels chains of emails that way);
- Poor grammar/punctuation;
- Too many images;
- Too many attachments;
- Too many hyperlinks;
- Your email address is in the spam filter database;
- You have not set up email authentication;
- Your device is infected with malware;
- The email has no unsubscribe button (or link); you are sending it from the corporate domain.
The following steps may help solve this problem.
Clear your emails
Google automatically tags emails that meet the criteria above to protect users from phishing links. So, you can try to remove images, links, and attachments and make sure your email is free of simple errors. For example, suppose you are sending emails with a design element. In that case, there may be code in your email template that causes your messages to be flagged as dangerous. Experiment with your template content by removing elements and sending test emails to see when a warning appears and when it doesn’t. You can find the source of the problem this way.
If you send business emails to a mailing list, it’s essential to check your rejection and complaint rates. You need to keep them as low as possible by immediately removing those addresses where you received a rejection or complaint from your database. You can try sending an email to fewer people or using Gmail’s “blind carbon copy” (BCC) feature. This feature will hide the recipients’ email addresses from each other. This way, the likelihood of Gmail flagging your email is reduced because you won’t be spreading personal information (PII).
Set up email authentication
SPF, DKIM, and DMARC are email authentication methods. You need them to confirm to ISPs and mailers that you are authorized to send emails from a particular domain. Verifying an account with SPF, DKIM, and DMARC is vital because Google recommends using all three authentication methods.
Here is a brief description of these functions:
- SPF (Sender Policy Framework) – specifies how many domain IP addresses are allowed to send email from your domain.
- DKIM (DomainKeys Identified Mail) – ensures that emails going from server to server do not interfere with anyone in the middle, and the receiving end can identify these emails.
- DMARC (domain-based message authorization) – an additional layer of verification that matches the validity of SPF and DKIM records. You can receive DMARC reports in the event of an email verification failure.
Scan your device
Viruses and other malware can gain control of your device and send themselves as attachments to other users. These users can download and run attachments received from your device because they trust your email address. Running a full scan will allow you to prevent the virus from hijacking your email and also let you find out what malware is on your device. In this way, you can help protect your email recipients by alerting them to the specific risks they may face.
It’s impossible to know precisely why Gmail marks some emails with this banner. Gmail has chosen not to disclose its exact spam/malware detection logic. This is probably to prevent hackers from using this information to bypass Google’s filters. However, we do know something about Gmail’s email filtering technology. When you send or receive an email, it goes through Google’s spam filters before entering your inbox. These filters cannot be disabled, but that’s a good thing. For example, suppose Google deems an email going through them as suspicious. It will either be flagged with the banner “This message seems dangerous” or sent to the Gmail spam folder. These filters are essential because email is a common vector for cyberattacks of all kinds, including:
- Spear Phishing. Malware, exploits, or phishing attacks directed at a specific recipient;
- Malspam. Malware, including ransomware, Trojans, and spyware, is usually delivered via email;
- Link Phishing. Emails disguised as a trusted organization containing links to malicious websites. These websites can steal your information or encourage you to download dangerous files;
- Exploit attacks. Emails that contain code that can find a security vulnerability in your computer, such as an outdated operating system. Malicious code can use this exploit to open a backdoor in your system, spread malicious files, or steal information.
When you are trying to protect yourself from email attacks, in that case, you should download an antivirus program rather than relying solely on finicky Google email filters. For example, Our Antivirus Solution performs real-time malware scanning and can prevent your system from being infected by e-mail attachments.