

Gmail now has a (temporary) notice upon sign-in that you're forwarding some mail - tnorthcutt
https://mail.google.com/support/bin/answer.py?hl=en&ctx=mail&answer=1355569

======
glimcat
Given that mail forwarding is buried in the settings where users will almost
never see it, this is a very significant security measure.

------
keyle
It's really annoying. What's wrong with letting me click it OFF? I'm all for
security. But not at the cost of usability. Red box in my face makes me hate
my mail.

~~~
zck
If they let you turn it off, then the person who got your password and started
forwarding the mail would turn it off, and you'd never see it. If they let you
turn it off, there's no reason to have the message in the first place.

~~~
craz
I suppose they could limit the warning to once per IP address (or set a
cookie) and reset it whenever your forwarding settings change.

~~~
willscott
That wouldn't protect you in the scenario where someone had limited physical
access to your machine.

Edit per the response: I don't think this is a threat model that you would
care about in theory, but it seems like a scenario that can come up fairly
often in the real world. Especially in family or school settings, someone else
will often have short durations of access to your machine. These people aren't
often going to be technically literate enough to install key loggers or really
mess up your machine, but they may well be able to quickly set up forwarding
of your email to their account.

~~~
craz
True. Alternatively, given they know how often a person checks their email,
they could show the warning for some multiple of that time (with a lower limit
e.g. show for at least 1 week).

------
dfischer
I'm glad GMail has security in mind. This is very important to finding out if
your account has been compromised or not.

------
MichaelApproved
Incidentally, I saw this message while viewing the help page:

 _"Update your browser!

Gmail runs faster on new web browsers. Upgrade your browser for free to get
the latest speed and security updates. Update your browser"_

Nice to see when I'm using Google's Android OS on my Droid 2.

------
kirinkalia
We've just posted a story about this on the LAUNCH blog -- Google PR person
said this was not in response to any incident (and yes, the notification is
temporary).

