Check if your Gmail message is authenticated

If you see a question mark next to the sender's name, the message isn't authenticated. When an email isn't authenticated, it means that Gmail doesn't know if the message has come from the person who appears to have sent it. If you see this, be careful about replying or downloading any attachments.

Check if a message is authenticated

Note: Messages that aren't authenticated aren't necessarily spam. Sometimes, authentication doesn't work for real organisations that send emails to big groups, such as messages sent to mailing lists.

Check Gmail messages
  1. On your Android phone or tablet, open the Gmail app Gmail.
  2. Open an email.
  3. Tap View details and then View security details.
  4. The message is authenticated if you see:
  • A "Mailed by" header with the domain name, such as google.com.
  • A "Signed by" header with the sending domain.

The message isn't authenticated if you see a question mark next to the sender's name. If you see this, be careful about replying or downloading any attachments.

Check messages in another mail client, like Outlook

If you're checking your emails in another email client, you can check the message headers.

Learn more about how authentication works (SPF and DKIM)

Emails can be authenticated using SPF or DKIM.

SPF specifies which hosts are allowed to send messages from a given domain by creating an SPF record.

DKIM allows the sender to electronically sign legitimate emails in a way that can be verified by recipients using a public key.

Fix messages that aren't authenticated

A message that I've received hasn't been authenticated

If a message that you receive from a trusted source isn't authenticated, contact the person or company that sent you the email. When you contact them, provide a link to this help page so that they can learn how to authenticate their messages.

A message that I've sent from my domain hasn't been authenticated

If a message that you've sent has arrived with a question mark "?" next to your email address, the message hasn't been authenticated.

Messages must be authenticated to make sure that they're classified correctly. Also, unauthenticated messages are very likely to be rejected. Because spammers can also authenticate emails, authentication by itself isn't enough to guarantee that your messages can be delivered.

Fix messages that aren't authenticated

First, make sure that messages that you've sent are authenticated using DKIM (preferred) or SPF.

Next, take a look at these tips for sending bulk messages with Gmail:

  • Use RSA keys that are at least 1024 bits long. Emails signed with less than 1024-bit keys are considered unsigned and can easily be spoofed.
  • Gmail combines user reports and other signals with authentication information when classifying messages. Authentication is mandatory for every email sender to ensure that your messages are correctly classified. For best practices, see Gmail's Bulk Senders Guidelines.
  • Learn how to create a policy to help control unauthenticated emails from your domain.
Was this helpful?
How can we improve it?