Google boosts Gmail's anti-phishing feature

Web email service automatically shows sender's address to combat fake messages

Google this week added an anti-phishing feature to Gmail that automatically displays the sender's address for some messages.

The move is designed to help users spot suspicious messages that try to dupe people into divulging their Gmail log-in credentials or other personal information.

Starting Tuesday, Gmail began showing the sender's email address on all messages from people the recipient had either not sent mail to or were not in his contact list. Additionally, messages sent via a third-party firm -- such as an email marketing bulk mailer, which are often used by retailers to blast out deals -- now automatically display the sending address.

"If someone fakes a message from a sender that you trust, like your bank, you can more easily see that the message is not really from where it says it's from," said Google software engineer Ela Iwaszkiewicz in a post to the company's Gmail blog on Tuesday.

Previously, Gmail users could expose the sender's address by manually clicking on a "show details" link in the email service's interface.

Google published more detail on the new anti-phishing feature on the Gmail support site.

According to that page, Gmail will stop showing the full address of a sender once the recipient communicates with the sender, either by replying to emails or adding the address to Gmail's contact list.

Google uses the message header to uncover the sender's email address, and whether the message was transmitted via a third-party domain.

Other Web mail services lack a similar feature. Microsoft's Hotmail, for instance, will display the sender's address at the user's command, but does not do so automatically. In Hotmail's case, hovering the mouse over the sender's name displays a pop-up that shows the full address.

Google has acknowledged several aggressive phishing attacks aimed at Gmail users, most recently earlier this month when it accused Chinese hackers of running a months-long campaign to hijack the accounts of senior U.S. and South Korean government officials, military personnel, Chinese activists and journalists.

Hackers had sent spoofed email messages purportedly from friends or colleagues that included a link to a fake Gmail login page, which the criminals used to collect usernames and passwords.

China denied that its government was responsible for the attacks.

Data breaches at a host of high-profile companies, from the mass mailer Epsilon to Sony, have also revealed millions of email addresses this year, and put ammunition for targeted phishing attacks -- called "spear phishing" -- in hackers' hands.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is

Copyright © 2011 IDG Communications, Inc.

It’s time to break the ChatGPT habit
Shop Tech Products at Amazon