On 9 February 2016, Gmail announced it would warn users when they receive e-mail that was not encrypted by the sender. After all, e-mail often includes personnal information, but has historically never been encrypted. A webmail might use https, an IMAP account is usually using encryption as well, but users do not have an easy way to know if the communication between two e-mail servers is encrypted. Gmail therefore introduced a small red open padlock in the e-mail header to warn users if the communication was not encrypted.
If you are affected by this change, contact your server hosting provider to make sure that their outbound SMTP e-mail server supports encryption. You can also use a commercial bulk e-mail delivery service, such as CiviSMTP or Mandrill. Having trouble with your hosting provider? CiviCRM has a list of recommended hosting providers specialized in CiviCRM hosting.
For more information on GMail's new policy, see the full announcement on the GMail blog.
