Authentication icon for verified senders
Spammers can spoof a message to make it look like it's sent by a real website or company that you might trust. To help protect you from such messages, Google tries to verify the real sender using email authentication. As an additional security measure, you can enable the “Authentication icon for verified senders” lab.
How the lab works
If you enable this lab, you will see a key icon next to authenticated messages from trusted senders, such as Google Wallet, eBay, and PayPal, who match the following criteria:
- Send a high volume of messages over time that most Gmail users think are not spam.
- Publish a DMARC reject policy, which means that the domain only sends authenticated mail and any unauthenticated mail sent by the domain should be rejected.
Enable the lab
- On your computer, open Gmail.
- In the top right, click Settings .
- Click Settings > Labs.
- In the "Authentication icon for verified senders" section, select Enable.
- At the bottom of the page, click Save Changes.
Frequently asked questions
What should I do if I see this icon?
You can trust that the message was in fact sent by the trusted domain.
What should I do if I receive a message from a trusted sender and it doesn’t have the icon?
You should treat such messages suspiciously. These messages may be scams aimed at collecting your personal information, which is known as phishing. Never reply to suspicious messages with your personal or financial information or fill out forms or sign-in screens that might be linked to from these messages.
This icon may not show if you are forwarding your mail, so we recommend following these best practices for email forwarding.
How do I know if a message I received should have the icon?
You can check if the domain has a DMARC reject record published using this DMARC Inspector tool. The domain should have “p=reject” in the record to be eligible for this feature. Currently, only a few domains are supported by this program.