3

Conceptually, "THIS EMAIL IS FROM AN EXTERNAL SENDER" warnings should be useful at preventing phishing or spoofing attacks. If "your boss" asks you to buy a bunch of gift cards and you see that warning, maybe you catch it.

With so many legitimate external emails received, I'd imagine users may get a sort of banner blindness and not even see them, reducing the effectiveness of the warning.

Is there any data-backed research that shows the effectiveness of external sender warnings?

schroeder
  • 123,438
  • 55
  • 284
  • 319
Nate Lowry
  • 131
  • 1
  • I can certainly attest to the **harm** these warnings present: when you report such a marked-up message as a threat, we have to flag your submission as unusable because we don't want our systems to train on the warning text or link rewrites, especially if users don't report a balanced set of good vs bad emails. – Adam Katz Aug 18 '21 at 21:33

0 Answers0