Sometimes, Gmail displays a “This Message Seems Dangerous” notification alerting the user that the email seems dangerous, which is obvious. While the banner usually contains more detailed information, this often happens when other users report similar types of emails to Google as “phishing” emails. In other cases, the banner may contain a description like this: “Gmail could not confirm that it actually came from [domain]”, “This may be a spoofed message”, or “[Name] has never sent you messages using this email address”. Let’s have a look at why this error appears and how to prevent it, for both senders and the receiving end.
How to Fix “Be Careful With This Message” Error
Gmail does not disclose the logic behind its filters and spam detection to prevent hackers from bypassing Google’s filters. When a user sends or receives an email, it goes through Google’s spam filters before reaching the inbox. It’s a kind of Blackbox that can’t be turned off. If Google deems the email suspicious, it will either be flagged with a banner. However, this doesn’t always mean a guaranteed threat; sometimes, filters can flag safe, clean emails.
If you receive an email and see a “This message seems dangerous” message, try going through the following steps. I begin with the troubleshooting steps for:
Check the Sender
Before trusting an email, it’s crucial to verify the sender. Sometimes, hackers can disguise their email to appear as if it’s from a legitimate source. Examine the email address for spelling mistakes or characters that closely resemble others, such as a numeric “0” instead of a capital “O” or a lowercase “l” instead of a capital “I”.
Hackers can spoof an email to make it look like it’s from a trusted source, like Amazon. However, if you look closely at the sender’s email address, you might find that it’s something like [email protected], which is not a legitimate Amazon email address.
Today, scammers are using artificial intelligence to write phishing emails, virtually eliminating errors in the text or red flags. Nevertheless, while you open the email, look for suspicious signs in the email’s body content, such as misspelled names and other spelling mistakes. Remember: Banks, social networking sites, and government institutions never contact you for sensitive information via email.
Is It a Trusted Sender?
Next, there’s one thing you can review to be completely certain about the “This message seems dangerous” notification”: check whether the sender is really someone you know. Google offers a convenient way to do this. Select Compose in the upper left corner of the Gmail window.
Copy the suspicious email address to the “To” field in the new email panel.
If the address matches a trusted sender with whom you’ve corresponded, their email will appear in the drop-down list. However, if nothing occurs or the emails in the drop-down list don’t match, you’ve probably received a fraudulent email disguised as one from a trusted sender.
If the email is authentic after performing the above checks, click “Looks safe”, and the banner will disappear. This action informs Gmail’s AI that you trust the sender and stops displaying the flag. However, sometimes Gmail won’t let you click “Looks Safe”. Instead, it will just offer the option to “Delete” or nothing at all, indicating Gmail has determined that the email is malicious.
If you’re still convinced it’s safe, you must request Google Support to fix the problem. In any case, it’s important to remember that your discretion is key in handling suspicious emails. If you don’t trust the email, don’t click on any links, don’t download any attachments, and don’t reply.
It’s important to understand that legitimate senders can also send you malware if their email has been compromised. The most reliable option is to contact the sender outside of Gmail and ask them directly if the email came from them.
Report the Email
If you determine that the message is a phishing scam, click “Report Dangerous” or “Report Phishing”. This will move the suspicious email to your spam folder and alert Google’s anti-malware team to help prevent similar phishing attacks. The email will be automatically deleted after 30 days, but you can also delete it manually.
Gmail Labeling My Messages As Dangerous
Now, let’s switch to the point of view of a sender. In some cases legitimate businesses, especially ones that send newsletters, encounter Gmail flagging their emails as “dangerous”. This happens because the system is triggered by signs characteristic of spam mailings. The following are the possible triggers that cause the banner to appear:
- Too many recipients (the system often labels chains of emails that way)
- Too many images
- Too many attachments
- Too many hyperlinks
- Poor grammar/punctuation
- Your email address is in the spam filter database
- You have not set up email authentication
- Your device is infected with malware
- The email has no unsubscribe button (or link)
- You are sending it from the corporate domain
If you’re encountering this issue, remember that you have the power to optimize your email template design. If your emails have a design element, there might be code in your email template that flags them. For example, some chunks in your email that optimize the display on different devices may be suspicious to Gmail:
/* MOBILE STYLES */
@media screen and (max-width: 525px) {
.mobile-hide {
display: none !important;
}
}
This class is used to hide some elements to make them fit on mobile screens, but it can cause a red banner.
More Careful Handling
If you send business emails to a mailing list, checking your rejection and complaint rates is essential. Keep them as low as possible by immediately removing addresses where you received a rejection or complaint from your database. For instance, if none of the user’s emails have been opened in the last six months, consider that an inactive account and stop mailing them.
You can email fewer people or use Gmail’s “blind carbon copy” (BCC) feature, which hides recipients’ email addresses from each other. This reduces the likelihood of Gmail flagging your email because you won’t be spreading personal information (PII).
Another important point is allowing recipients to unsubscribe from your mailing list. Ensure your emails always have an “Unsubscribe” link in the footer.
Set Up Email Authentication
SPF, DKIM, and DMARC are email authentication methods that confirm to ISPs and mailers that you are authorized to send emails from a particular domain. Verifying an account with SPF, DKIM, and DMARC is vital, and Google also recommends using all three authentication methods.
These functions are briefly described:
- SPF (Sender Policy Framework) specifies which domain IP addresses can send emails from your domain.
- DKIM (DomainKeys Identified Mail) ensures that emails traveling from server to server are not tampered with and that the receiving end can verify these emails.
- DMARC (Domain-based Message Authentication, Reporting, and Conformance) adds an extra layer of verification by matching the validity of SPF and DKIM records. You can receive DMARC reports if an email verification fails.
Disable Your Antivirus Email Signature
Some antivirus programs automatically add a digital signature to outgoing emails, confirming they have been scanned and are virus-free. However, this digital signature can conflict with Gmail’s security measures, which leads to flagging your emails as potentially hazardous. Consider disabling the digital signature feature in your antivirus program to see if it resolves the problem.
