Submitted via IRC for TheMightyBuzzard
Google announced back in February 2016 that it planned to improve Gmail security by adding new security indicators to the service.
One of the improvements was the introduction of a new red question mark icon in place of the profile photo, avatar or blank icon to highlight unauthenticated emails.
Google announced yesterday that the rollout of the feature has started, and that Gmail users on the web and on Android will soon notice the new red question mark icon for unauthenticated messages.
[...]
Google's method for determining the authenticity of a message is the following one: if a message can't be authenticated using DKIM or Sender Policy Framework (SPF), it is marked as unauthenticated.
Gmail, on the web, displays profile icons only when an email is selected, but not in the email listing itself. This means that you will have to click on a message to find out if it is authenticated or not.
Source: http://www.ghacks.net/2016/08/11/gmail-question-marks-unauthenticated-senders/
(Score: 2) by Whoever on Saturday August 13 2016, @03:24AM
SPF can be more difficult to set up than is obvious. The problem is that SPF specifies a limit of 10 DNS lookups. Some email services (such as Yahoo) actually limit their SPF analysis to 10 DNS lookups.
10 lookups may sound like a lot, but if you include any other domains' SPF records, the number of DNS lookups can be more than the limit very easily. Also the "mx" and "ptr" items in SPF can trigger a few lookups.
DKIM isn't that hard to set up. I have done it for a couple of domains along with OpenDKIM, Perl's Mail::DKIM and Postfix.