Are you seeing a yellow ‘be careful with the message’ warning in Gmail?
Gmail displays different variations of this warning if it thinks someone might be misusing your email address. Sometimes this can be a false positive.
In this article, we’ll explain how to set up your emails to reduce the number of Gmail errors or warnings.
Why Do I See ‘Be Careful With This Message’?
Google automatically adds ‘be careful with this message’ to emails that could be suspicious.
When Google detects a potentially malicious email, Gmail and Google Workspace users see a warning in a colored bar at the top of the email.
Along with the warning, you might see text like:
- This email claims to come from example.com, but replies will go to an email address at another domain.
- This may be a spoofed message. The message claims to have been sent from your account, but example.com Mail couldn’t verify the actual source.
- Gmail couldn’t verify that example.com actually sent this message.
Sometimes senders will be marked with a question mark icon. When you hover over it, you’ll see the text, ‘yourdomain.com couldn’t verify that example.com actually sent this message (and not a spammer)’.
If you’re seeing ‘be careful with this message’ warnings, don’t worry. Your emails will likely still be delivered.
But any Gmail warning or error is still a problem because:
- People might think your emails are spam or not trustworthy.
- Recipients might hit the Report Spam or Report Phishing button in the warning box, which could cause problems with email deliverability.
- You might have missed a step when setting up your contact form, and that could mean important messages are already being filed as spam. This can affect deliverability for any contact form plugin such as Ninja Forms (see Ninja Forms emails not sending).
You can’t shut these warnings off completely, but you can correct your email and contact form settings. This reduces the chance that your recipients will see them.
How to Fix ‘Be Careful With This Message’ Error in Gmail
In This Article
1. Check Your DMARC, DKIM, and SPF Records
The WP Mail SMTP plugin lets you send emails from your WordPress site through a 3rd party mailer service. This is a great way to improve email deliverability from WordPress because these mailer services can add verification to your emails.
But for this to work properly, you may also need to set up DMARC, DKIM, and SPF on your domain.
DMARC, DKIM, and SPF add verification data to the email header, which is the technical part of the email we don’t normally see. Without that data, Gmail will assume the email is suspicious because the From address doesn’t match the server that was actually used to send the message.
You can run into this issue any time you use a 3rd party mailer service to send emails. For example, it’s also quite common when you send out email newsletters.
The best way to fix this is to check that your DMARC, DKIM, and SPF records are working.
Solution: Check Your DNS Settings
DKIM, SPF, and DMARC are
TXT lines in your domain name’s DNS record.
To learn how to edit the DNS, check the documentation for your mailer service. If you’re using WP Mail SMTP, you can jump to the instructions using these links:
- Amazon SES
- Google / Gmail
- Microsoft 365 / Outlook.com
- Zoho Mail
- Other SMTP (e.g. your ISP’s SMTP server)
Review the requirements for setting up DMARC, DKIM, and SPF records, then check each record using MXToolbox to make sure it’s valid.
If you need some extra help, check out our tutorials on:
2. Check the From Address in All Plugins
In WordPress, you might have multiple plugins all sending emails using their own templates and settings.
For example, your contact form plugin and your backup plugin might have different From email addresses. One might be sending email from your preferred From address, but another might be sending emails from the site admin email address or even a completely made-up one.
For example, Contact Form 7 defaults to using a From address of [email protected][your-domain], which is the default From address in WordPress.
To resolve email problems and make your WordPress site easier to manage, we highly recommend that all of the plugins on your website should use the same From address. This should ideally be an email address at your domain that actually exists.
Solution: Force the From Email in WP Mail SMTP
WP Mail SMTP makes it easy to send all of your emails from the same From address.
You can easily enable this by clicking Force From Email checkbox in the plugin settings.
When you click this, each plugin on your WordPress site will use the From address you’ve chosen instead of its own random or invalid address.
This helps to make sure that all of the emails from your site are validated.
If the Force From Email checkbox is grayed out, it means that your mailer requires this setting to be turned on and WP Mail SMTP has already taken care of it for you.
3. Use Different From and To Addresses
WP Mail SMTP has a test email feature that makes it easy to check that your WordPress emails are working.
But you might see a Gmail warning if you send the test email to the same email you used as your From address.
This can also happen with some plugins that send notifications. They might send emails to and from the same address like this:
This email has a Google Workspace From address, but it isn’t sent from Google servers. So if you send it to yourself, it might trigger a ‘be careful with this message’ warning.
Nobody else will see this particular error, but it can be confusing because it looks like there’s a problem with your emails.
Solution: Use a Different Email Address for Testing
In WP Mail SMTP, try sending your test email to a different email address and not the From address you set up in the plugin.
This should remove the error and reassure you that your emails are working.
Additionally, if you’re seeing this error from specific plugin notifications, take a look and see if you can change the sender address for the notifications.
Here’s an example from WPForms. In the settings, we can send form submission notifications using the From address that matches our domain, but we can also have plugin notifications sent to a different email address.
WP Mail SMTP also has an email error logging feature that helps you troubleshoot problems if your WordPress emails aren’t sending for any reason.
And that’s it! We hope these tips helped you to reduce the number of ‘be careful with this message’ warnings in Google Workspace or Gmail.
Next, Fix WordPress Emails Going to Spam
Are your WordPress landing in the junk mail folder? This often happens if your DNS records aren’t set up correctly, or you’re on a spam blacklist.
To troubleshoot this, check out how to fix WordPress emails going to spam. You can also see this in-depth guide if your Divi contact form is not working.
Or if you’re using Gravity Forms and need troubleshooting help, check out our post fixing Gravity Forms notification issues.
Ready to fix your emails? Get started today with the best WordPress SMTP plugin. WP Mail SMTP Elite includes full White Glove Setup and offers a 14-day money-back guarantee.
If this article helped you out, please follow us on Facebook and Twitter for more WordPress tips and tutorials.
This doesn’t really do me any good at all and it’s a real pain. I run a small online store. I’m the only one in my “organization’ so ALL my emails come from outside my domain. Messages from MY online store all get branded with “Be Careful With This Message” that wastes space and takes time to get rid of. I really want to disable it but apparently I can’t.
I’m sorry to hear you haven’t been able to resolve this issue on your site.
This could be happening because you’re sending emails FROM and TO the same email address. For example, if your store emails are sending from “[email protected]”, and they’re also sent to “[email protected]”, you’ll typically get this warning in Gmail. Nobody else will see this warning except you. If you wanted to remove it, you could change the FROM email to another valid email in WP Mail SMTP, which should stop it from happening.
If everyone is seeing this message on your emails, it’s likely an issue with your DNS records. Our support team can help you to track this down. If you have a WP Mail SMTP license, you have access to our email support, so please submit a support ticket.
Otherwise, we provide limited complimentary support in the WP Mail SMTP WordPress.org support forum.
I am not receiving messages sent from my word press in my google email.
When I set up I sent an email and got a message it had been successful.
Several emails have come with a message warning that google was suspicious about abs when I’ve opened them their is no message and it’s come from my email address ?
If you don’t see any messages, you may have configured the form plugin incorrectly. If you’re using a plugin like WPForms on your site, here’s how you can set up form notifications correctly. If you’re using a different plugin, you need to check their documentation to set up form notifications accordingly.
Also, make sure that you have configured a mailer by following our complete guide to mailers.
If you need some extra guidance with this and you have a WP Mail SMTP license, you have access to our email support, so please submit a support ticket.
Otherwise, we provide limited complimentary support in the WP Mail SMTP Lite WordPress.org support forum.
I’m getting that spam bar that you showed from addresses I know are good. The problem I’m having is that when I click on the “It looks OK” on that bar, it still disables all the links in the email, such as resetting my password links.
What’s the email client (or browser) that you’re using to view your emails? Also, did you experience that issue on your desktop PC or on a mobile?
Once we have more information, we should be able to assist you further.
I already followed the steps given above, unfortunately the issue still persisted.
Actually previously not issue at all , but lately this issue show up on my gmail.
Kindly advise, what the root caused?
Most probably your SPF, DKIM, and DMARC records are not set up correctly. Try sending a test email (WP Mail SMTP -> Tools) to this online tool and check your report. Based on the report, you should be able to fix it.
I run a couple of websites for local government with .gov.uk domains – I also provide email services through the same ISP. It being government they are pretty hot on secure config of email via the National Cyber Security Centre. I have had my DMARC, SPF and DKIM configs checked and they are all reported as well configured.
CPanel on the server also reports good config and no issues.
However one member of staff for the organisation this has been set up for receives ‘Careful With this Message’ with every message from me or her colleagues from that domain . She uses Gmail to receive these messages. This only started happening a few weeks ago. When I send the same messages to my Gmail account and use the same app I do not get a warning.
When I examine the headers on the message received to my Gmail everything passes – when I look at the headers on the message with a Gmail warning there is a DMARC temperror
Any help would be appreciated
The TempErrors are normally caused by DNS issues that cause DNS record lookups to fail. Fail messages that result in the Fail result should apply the action defined by the domain owners DMARC policy.
In your case, ask that user to click on the “Looks Safe” link.
We have a domain. Lets call it bob.com.us and it has nothing to do with gmail. I check [email protected] emails with pop3 through the gmail interface. Any messages from another user @bob.com.us now gets this annoying banner. The messages are not marked as secure cause they are not leaving the bob.com.us server until they get to gmail. This is so frustrating.
As explained in this article, you need to set up SPF, DKIM records correctly on your domain to resolve this issue.
Get in touch with your hosting support and they should be able to assist you accordingly.
I’ve had the same issue with clients and Gmail flagging their messages with the yellow banner and went through a two-week in-depth investigation with our server providers. We finally discovered that if emails are sent from the same domain (or server in our case), then a “local delivery” is performed, meaning that the messages does not go through an external server. The SPF record that our server provider supplies does not cover this and as such, no SPF/DKIM/DMARC lookup is performed.
When Gmail downloads these emails, it sees the client’s IP address as the sending server and as this is not listed in the SPF record it marks it as spam.
Although the above information does not solve the Gmail yellow banner issue, at least we now know why this happens. Hopefully this information will help some of you.
Thank you for taking the time to share your experience.
I will forward those details to our developers for further review.
I’ve tried many times but Issue remained the same. I think this due to my business uses Yandex mail server and Yandex is Russian company.
Could you please try sendig a test email (WP Mail SMTP -> Tools) to this online tool to check your email deliverability? According to the report, you may adjust your SPF, DKIM records.
Or else, you can try reporting this issue to the Yandex support, and they should be able to assist you further.
This is all above my pay grade. I have 2 people that send me emails and every time it comes to my inbox I get the dreaded yellow “Be careful with this message” box. Is there a way that I can “right-click” and let my gmail know that the sender is safe? I have no idea what WordPress or DNS/DMARC/DKIM even means. Thanks
Did you receive those emails through your WordPress site? And, what’s the mailer that you have configured on your site?
As soon as we have more information, we should be able to assist you.
Darshana, I am in the same place as Steve: I am a simple guy reading my email with Gmail. I do not have a website. I do not have forms. Email arrives and I open it. I am not a developer and don’t know what you mean when asked “what mailer is being used.”
I receive emails from one friend that always cause the yellow pop-up. I know they are safe – but there is no option on these pop-ups that allow me to say that emails from this guy are safe. The only options provided are “Report spam” and “Report phishing,” neither of which is true.
How can I – the dumb end-user – get rid of the yellow pop-ups?
First of all, you need to set up a mailer on your WordPress site. You can see all the available mailers here and configure a mailer of your choice.
Or else, please get in touch with your hosting/email support, and they should be able to configure a mailer on your site. Once you configure a mailer, your emails will be delivered correctly using an authenticated email account.
I’m the receiver, not the sender so how do I fix it.
The waffle about WordPress etc. doesn’t apply to a receiver of such messages.
I just want to get rid of that large yellow bar. I’ve told such messages not to go to spam and they are not going to spam.
It is your gmail service that is putting the yellow bar on good emails and emails that have come from those sources that have been OK for years.
The WP Mail SMTP plugin is only an integration service. When a WordPress site sends an email, the actual email will be sent from the WP Mail SMTP configured email account (those emails will be saved under outbox/sent items of that specific email account).
If those emails are not coming from your WordPress site, you can click the “look safe” button to notify Google.
Can’t you create a filter to ignore the yellow bar? This is incredibly annoying. Half the emails we receive has this.
Thank you for the suggestion! Unfortunately, there is no specific option to disable Gmail’s warnings and alerts.
You can check whether your SPF, DKIM, and DMARC records are set up correctly. To do that, try sending a test email (WP Mail SMTP -> Tools) to this online tool and check your report. Based on the report, you should be able to fix it.
Is there any possibility the email with this sign is not received by the receiver? I have argue with my Professor, since I didn’t received important email from particular sender but my professor said it already sent to my email and cc to her (she show me the screen shoot of the email and have this sign). I check my spam, delete mail, all mail and nothing happen in my email. I didn’t received it.
What setting should I do to make this kind of email can sent to my account?
If you’re referring to work email, please get in touch with your administrator or email support and ask them to check your email filters. They should be able to check your email logs and trace that specific email that you missed.
Where is the “ looks safe” button?
You should be able to locate that button within the warning.
In case it helps, please refer to this screenshot.
I hope this helps. Thanks!