When I receive the email notification saying "Your Shaw bill is ready", Gmail indicates that the message is unencrypted and unauthenticated:
Why isn't Shaw using encryption and authentication on these emails?
These articles on the Gmail Help site explain what encryption and authentication are:
Check the security of your emails - Gmail supports the industry-standard Opportunistic TLS encryption mechanism to protect users' messages from being read by unauthorized individuals while in transit. This only works when the sender also supports encryption however, and right now the system sending the e-bill notifications does not support encryption.
Check if your Gmail message is authenticated - Gmail indicates to the user if the sender of a message has not implemented DKIM or SPF to authenticate their messages. This helps make users aware of phishing attempts. However, when a legitimate sender like Shaw does not properly implement either of these protocols, then users are left guessing about whether the email is legitimate. Even worse, this conditions them to ignore these signals about potentially malicious content.
Here's a snippet from the headers of one of these messages which may help your security department address part of this issue:
Received-SPF: permerror (google.com: permanent error in processing during lookup of firstname.lastname@example.org: cbsprd.shaw.ca not found) client-ip=126.96.36.199;