We'd like to inform you of a few enhancements we're making to our Webmail client. The purpose of these enhancements is to improve our ability to protect end users by warning them about messages that seem "suspicious", and provide them with some new warnings and useful information to encourage them to think twice before trusting messages in their mailbox.
Please read on to learn more about these enhancements, and let us know if you have any questions about how this may impact your end users.
First, we are introducing the concept of "Suspicious" email. It's based on specific patterns of failure in SPF, DKIM, and DMARC validation, but do not trigger a policy failure. Messages deemed suspicious are decorated with a warning in the message preview and pop-out window. If the Suspicious designation is due to a configuration problem with the sender, but the sender is legitimate, users can choose to trust the sender and suppress future warnings.
Second, we've added functionality to protect users from accidentally triggering malicious content from messages in the spam folder. They can view the basic content, but images, links, and attachments are not accessible while the message is in the spam folder. This forces users to drag the message out of the spam folder to interact with it. It re-enforces the stance that messages in the Spam folder are potentially dangerous, and care should be taken interacting with them.
Finally, we're making some updates to how we display sender discrepancy information. A common sign of phishing/spoofing messages is when the Friendly From email address (what users see as the message sender) does not match the Return-Path address (where the message came from). We've added information to the "From" field that shows when the primary domains of these two sender addresses do not match. Also, to help end users, we added a mouse-over help bubble to explain what "sent from" means.