A researcher has shown how an external sender could hide the “external sender”” warning from an email message. This happens because email security products and gateways are intercepting and scanning incoming emails for suspicious content. An attacker-crafted email that contains CSS instructions to override the warning’s CSS code (display rules) can make the warning disappear altogether. The researcher says this is not a bug in any email client app per se
Source: