
Filter and red-flag login from new browser security warning messages

The login from new browser seen security warning messages are a good idea, but there are a number of problems. Firstly, it is unclear what counts as ‘new’. The messages should not be frequent red herrings / trivial false alarms, as this is dangerous because users will simply start to ignore everything in the noise.

Suggestions:

(1) Whitelists - accept-all - filter by ‘known good’ prefix classification, optionally. If selected by the user, auto-add all the user's current address ranges.

(2) Cookies, to help matching.

(3) ‘Red flag level’ classifiers, of various types, to elevate the status of definite bad things, with description of category/reason, based on non-match / inequalities. Examples might be (i) regex match and non-matches on user-agent string, (ii) IP address outside all known ranges.

(4) Explanations in messages - mentions of categories / reasons for each alert, stating the type of difference or non-match that triggered it.

Creativity. (Whole problem a bit like users’ classifier rules in email servers.)

Cecil Ward , 12.08.2017, 07:37
Idea status: under consideration
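
A sketch of the rule-based classification suggested in the idea above, added here as an example; it is not part of the original post or of any product's code. The profile layout, level names, reason strings and regex patterns are assumptions chosen for illustration, and the addresses are constructed samples from documentation ranges.

```python
import ipaddress
import re

# Constructed sample profile (hypothetical layout, documentation addresses).
PROFILE = {
    "known_ranges": ["192.0.2.0/24", "2001:db8:1::/48"],   # user-accepted 'known good' prefixes
    "ua_known": [r"Firefox/\d+", r"Chrome/\d+"],           # browsers the user normally uses
    "ua_red_flag": [r"^(curl|python-requests|Go-http-client)/"],  # illustrative scripted clients
    "device_cookies": {"cookie-laptop-1"},                 # cookies set on earlier logins
}

def classify_login(profile, ip, user_agent, cookie=None):
    """Return (level, reasons); level is 'suppress', 'notice' or 'red-flag'."""
    reasons = []
    addr = ipaddress.ip_address(ip)
    # An IPv4 address is never "in" an IPv6 network (and vice versa), so mixed lists are safe.
    if not any(addr in ipaddress.ip_network(r) for r in profile["known_ranges"]):
        reasons.append("ip-outside-known-ranges")
    if not any(re.search(p, user_agent) for p in profile["ua_known"]):
        reasons.append("user-agent-matches-no-known-browser")
    scripted = any(re.search(p, user_agent) for p in profile["ua_red_flag"])
    if scripted:
        reasons.append("user-agent-matches-red-flag-pattern")

    if not reasons:
        return "suppress", reasons          # nothing differs: send no message at all
    known_device = cookie in profile["device_cookies"]
    # Escalate on a red-flag pattern, or on two differences with no cookie to vouch for the device.
    if scripted or (len(reasons) >= 2 and not known_device):
        return "red-flag", reasons
    return "notice", reasons

def render_alert(level, reasons):
    """Build the message text so every alert states why it was raised."""
    return f"[{level}] login differs from known pattern: " + "; ".join(reasons)

if __name__ == "__main__":
    firefox = "Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0"
    for args in [("192.0.2.10", firefox, "cookie-laptop-1"),
                 ("203.0.113.5", firefox, "cookie-laptop-1"),
                 ("203.0.113.5", "Opera/9.80", None),
                 ("192.0.2.10", "curl/8.0.1", None)]:
        print(args[0], "->", render_alert(*classify_login(PROFILE, *args)))
```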
