SPF is basically a record of email servers/IP addresses that the domain authorizes to send emails. So you can't send a fake email from @hexbear.net from another IP address.
DKIM is a digital signature for outgoing emails; the public key is available on their DNS records so recipients can verify the key (signed with the sender's private key) in the email header of the message they received.
DMARC is a policy that allows or quarantines emails received based on if they fail SPF or DKIM checks. These can be adjusted to allow emails through that aren't signed via DKIM.
Edit: Current email clients use icons similar to web browsers for this. Secure/insecure lock icons.
I don't know how this would be different from Twitter checkmarks. This isn't necessary at all, since we can already verify an email from corporation.com was sent and signed by their email servers using open standards.
They might require Google Verified companies to have passed a certain level of security audit, or have baseline security measures, to receive a checkmark.
Or route their emails through Google's servers or store a copy of their DNS/SPF records on Google infrastructure.
99.9% of the planet doesn't know what you're talking about. How is this different than how Twitter checkmarks used to work?
I should have said "How is Google checkmarks different than how Twitter checkmarks used to work?"
Sorry. I'm in IT so I know what that stuff is. We get DMARC fails alllllll the time at my job.
It looks like it's something you have to register for, unlike the old Twitter checkmarks. As I look into it, the level of detail is quickly overwhelming my level of interest, but my impression from a skim of this Google blog post about Gmail's implementation of the 'BIMI' standard, which is being expanded to now show checkmarks, is that Google's BIMI implementation lets businesses register with them so that their DMARC authentication is integrated into Gmail's UI.