Check if your Gmail message is authenticated

If you see a question mark next to the sender's name, the message isn't authenticated. When an email isn't authenticated, it means that Gmail doesn't know if the message has come from the person who appears to have sent it. If you see this, be careful about replying or downloading any attachments.

Want to get more out of Google apps at work or school?  Sign up for a Google Workspace trial at no charge.

Check if a message is authenticated

Important: Messages that aren't authenticated aren't necessarily spam. Sometimes, authentication doesn't work for real organisations that send emails to big groups, such as messages sent to mailing lists.

Check Gmail messages
  1. On your computer, open Gmail.
  2. Open an email.
  3. Below the sender’s name, click the down arrow Down arrow.

The message is authenticated if you see:

  • A ‘Mailed by’ header with the domain name, such as google.com.
  • A ‘Signed by’ header with the sending domain.

The message isn't authenticated if you see a question mark next to the sender's name. If you see this, be careful about replying or downloading any attachments.

Check messages in another email client, such as Outlook or Apple Mail

If you're checking your emails in another email client, you can check the message headers.

  1. Open an email message.
  2. Find the 'Authentication-Results' header.
  3. If the message was authenticated by SPF or DKIM, you'll see 'spf=pass' or 'dkim=pass'.
Learn more about how authentication works (SPF and DKIM)

Emails can be authenticated using SPF or DKIM.

SPF specifies which hosts are allowed to send messages from a given domain by creating an SPF record.

DKIM allows the sender to electronically sign legitimate emails in a way that can be verified by recipients using a public key.

ARC checks the previous authentication status of forwarded messages. If a forwarded message passes SPF or DKIM authentication, but ARC shows that it previously failed authentication, Gmail treats the message as unauthenticated.

Learn more about email authentication.

Fix messages that aren't authenticated

A message that I've received hasn't been authenticated
If a message that you receive from a trusted source isn't authenticated, contact the person or company that sent you the email. When you contact them, provide a link to this help page so that they can learn how to authenticate their messages.
A message that I've sent from my domain hasn't been authenticated

Important:

  • Do not use the DKIM length tag (l=) in message headers. This tag makes messages vulnerable to spoofing.
  • If a message that you sent arrived with a question mark '?' next to your email address, the message wasn't authenticated.

Messages must be authenticated to make sure that they're classified correctly. Also, unauthenticated messages are very likely to be rejected. Because spammers can also authenticate emails, authentication by itself isn't enough to guarantee that your messages can be delivered.

Fix messages that aren't authenticated

Make sure that messages you sent are authenticated using DKIM (preferred) or SPF.

You can use these steps to prevent your emails from being blocked by Gmail:

  • Use RSA keys that are at least 1024 bits long. Emails signed with less than 1024-bit keys are considered unsigned and can easily be spoofed.
  • Gmail combines user reports and other signals with authentication information when classifying messages. Authentication is mandatory for every email sender to ensure that your messages are correctly classified. 
  • Learn how to create a policy to help control unauthenticated emails from your domain.
Search
Clear search
Close search
Google apps
Main menu
9589279705997113774
true
Search Help Centre
true
true
true
true
true
17
false
false