We can invent a new e-mail header X-Confidential: true, and clients will start to adopt the warning behavior over time. If Gmail supports it off the bat it will already cover a huge fraction of the market.
When designing APIs I find that bools are often a smell or a missed opportunity. What if, for example, there was an X-Intended-Audience?
That could be integrated with Active Directory, Groups, IAM etc within an organization to make the warning only pop up when a potential violation is occurring which helps avoid seeing the warning so often that it gets ignored (or accidentally send to the wrong confidential party as in medicine or law). It could also inform IT after the fact.
Or we can build a system that just works and doesn't rely on adoption by other clients. Yes if we had a header that everybody used and respected it would work. But that's a lot harder.
