I started using ProtonMail recently, and I notice that Gmail puts a big warning for emails originating from there. This is really insidious because it's teaching the users that any email that doesn't come from a Google approved source is sketchy. Interesting, I tried this with Tutanota and GMail and it was received just fine, perhaps only because Tutanota is not as of yet so well known as ProtonMail?

But this is definitely an interesting observation, and something I'll keep an eye on...

@marhaec yeah I'm really not sure how Google decides which addresses it will warn you about

@yogthos does this only happen with protonmail or also other domains?

@sid it definitely doesn't happen with every domain because I haven't seen this from any businesses like say GitHub,

@yogthos Is that definitely what it's complaining about? To me it reads as if it's saying "this <name> has never contacted you from this address _before_", which is not an unreasonable thing to flag - that the address it associates with the name has changed.

@ersatzmaus it's possible, but that's not at all clear what the root cause is

@yogthos It's just what @ersatzmaus said—it knows you have interacted with a "Dmitri Sotnikov" with one email address, and now you're getting mail from a "Dmitri Sotnikov" with a *different* email.

It's not evil, it's not anti-competitive. Google *does* do other things that qualify as those! But this is a pretty innocuous anti-phishing and anti-spoofing thing.

@varx @yogthos @ersatzmaus the question is whether they would show the same banner on email that was from the same display name but from a address; if they do then it's reasonable, if not it's an abuse of a monopolistic position.

@technomancy @yogthos @ersatzmaus I ran an experiment:

- My work email is hosted on Google Apps.
- My home email uses my own domain, and hosted on Fastmail. I sometimes send mail from home to work, because that is the cutting edge way of carrying files around in 2019.
- I have an old personal account that I've never used to *directly* send mail to my work address.
- All 3 accounts have the same name.

I sent an email from old-gmail to work-g-apps and it showed the same message Dmitri saw.

@varx @technomancy @ersatzmaus does the old Gmail account have the same name Google would match against?

Sounds like our working theory is that Google matches based on the name as opposed the provider.

I still feel this is invasive because Google is actively processing information regarding whom I interact with to make these kinds of decisions.

@yogthos @technomancy Man, Google is probably processing *all kinds* of information regarding who you interact with. They're an adtech company, at heart.

This particular usage doesn't bother me because it's not much different than maintaining an address book. Or, it's like a cache, they're hardly processing anything.

@varx @technomancy yeah this particular usage doesn't seem to be entirely offensive if it's just warning you that email from your contact is coming from a different address.

I ran in to the same problem when I changed my email address recently.

It's been enough to convince other people to also ween away from Gmail.

@yogthos this and various other things make me wonder if gmail even qualifies as Internet email (vs. a private email system with an Internet gateway) anymore.

@jbob I have same thoughts, platforms like Google and Fb aim to lock their users into their own private gardens, and actively discourage the flow of data between them and the rest of the internet.

@yogthos yeah, I’ve really noticed this running my own mail server. I haven’t verified it yet, but I suspect that gmail may not even qualify as SMTP protocol compliant.

They have brought us back full-circle to AOL, CompuServ, etc.

@jbob @yogthos

I think their approach might more usefully be considered malicious compliance

"benign" explanation 

"benign" explanation 

@yogthos yeah this sucks, all email that's not from the big corporate servers are having more and more trouble.

I run my own mail server which complies with all the rules such as SPL, DKIM and DMARC but many other mail servers don't bother looking at the rules they just block anything that's not from any of the popular corporate servers.

@aran @yogthos Knocking on the wood ... I do DKIM for a long time and it's mostly enough... Also DNSSEC on the domain. But I noticed that freshly registered domains get a penalty in scoring...

@yogthos quick test of this: If a user name changes hosts to something that normally doesn't raise this warning, does the warning appear? I.e. is it about the host, or about the change?

Because, "hey, this is a new domain name for this user, are you sure it's them?" is not a bad warning.

@yogthos WTF? I just tried and I didn't get that message :v

@yogthos from the wording this seems to be about a known name with a new address, not about ProtonMail though?

@yogthos It looks like the reason for that warning isn't because it's ProtonMail but because it's someone using the same name as one of your contacts (or someone you've exchanged email with) but a different email address.

@yogthos I like the double-wtf if the message box being inside the danger zone, so it's impossible to tell whether it's part of the e-mail or the gmail web client

@yogthos The problem is that a very large number of sketchy people are using protonmail now. Enough that folks I know are just blackholing the whole domain


I actually abree with warnings about them. Protonmail is widely regarded as a dishonest actor by security professionals. I regret giving them money.


Google doesn't pretend they won't or can't comply with a subpoena. Protonmail, on the other hand, pretends that both are impossible.

@yogthos I see where you're coming from. I work some with activists in places with narrow civic space and to be honest, these I'm happy for Google to prompt people to be careful.

@Argus yeah that's definitely a legitimate concern as well, so perhaps erring on the side of caution is better here.

Unfortunately, it also creates a lock in with Google. Now, I have to contact every person I interact with on gmail to let them know I have a new email account, and that it's perfectly legitimate. That creates quite a barrier for migrating off of it.

Sign in to participate in the conversation

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!