by pera 3777 days ago
My first concern is, if nowadays it is so easy to get your certs signed by a CA, how can "Authenticated/Encrypted" emails successfully prevent phishing attacks? In my modest opinion there are many weak points in X.509 and in how CAs are verifying identities, and even if these things were fixed you still have the problem of state-sponsored attacks that have no solution within the current WWW PKI. I personally have no problem if Google wants to add some icon in the UI, but I share OP's concerns.

The use of TLS (which is what uses a CA-issued certificate) isn't to prevent phishing attacks, it's to prevent emails being read or modified in transit.

DKIM (which does not use a CA-issued certificate, it uses a public key published in DNS) is the technology that's intended to authenticate the email sender. It still wouldn't stop phishing attacks where the purported email sender is something like "admin@facebook-account-verification-2016.net" though, and I don't know that there really is a good technical solution to that sort of thing.
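As an added example (not code from the thread), the body-hash and domain-alignment part of DKIM verification in Python, using only the standard library; the message, selector and domain values are constructed, and the RSA check of the b= tag, which would need the public key from the selector's _domainkey DNS TXT record, is omitted. It shows what DKIM actually verifies, and why a correctly signed message from a lookalike domain still passes.

```python
import base64
import hashlib
import re

def canonicalize_body(body: str, mode: str) -> str:
    """RFC 6376 body canonicalization. 'simple' drops trailing empty lines;
    'relaxed' also collapses whitespace runs and strips trailing whitespace."""
    lines = body.split("\r\n")
    if mode == "relaxed":
        lines = [re.sub(r"[ \t]+", " ", ln).rstrip(" \t") for ln in lines]
    while lines and lines[-1] == "":          # remove trailing empty lines
        lines.pop()
    if not lines:                             # empty body: CRLF for simple, nothing for relaxed
        return "\r\n" if mode == "simple" else ""
    return "\r\n".join(lines) + "\r\n"

def body_hash(body: str, mode: str = "simple") -> str:
    """Base64 SHA-256 over the canonicalized body, i.e. the bh= tag value."""
    digest = hashlib.sha256(canonicalize_body(body, mode).encode()).digest()
    return base64.b64encode(digest).decode()

def parse_dkim_tags(header_value: str) -> dict:
    """Split 'k=v; k=v' tag list; folding whitespace inside values is ignored."""
    tags = {}
    for item in header_value.split(";"):
        if "=" in item:
            key, value = item.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", value)
    return tags

def check_body_hash(dkim_header: str, body: str) -> bool:
    """True when the bh= tag matches the body under the c= body canonicalization."""
    tags = parse_dkim_tags(dkim_header)
    parts = tags.get("c", "simple/simple").split("/")
    body_mode = parts[1] if len(parts) == 2 else "simple"
    return tags.get("bh") == body_hash(body, body_mode)

def from_domain(from_header: str) -> str:
    match = re.search(r"@([A-Za-z0-9.-]+)>?\s*$", from_header)
    return match.group(1).lower() if match else ""

def dkim_aligned(dkim_header: str, from_header: str) -> bool:
    """DMARC-style strict alignment: the signing domain d= must equal the From: domain."""
    return parse_dkim_tags(dkim_header).get("d", "").lower() == from_domain(from_header)

# Constructed sample: a lookalike domain signing its own mail (sel1 and b= are placeholders).
LOOKALIKE = "facebook-account-verification-2016.net"
BODY = "Please confirm your account at the link below.\r\n\r\n"
FROM_HEADER = f"Security Team <admin@{LOOKALIKE}>"
DKIM_HEADER = (f"v=1; a=rsa-sha256; c=relaxed/simple; d={LOOKALIKE}; s=sel1;"
               f" h=from:subject; bh={body_hash(BODY, 'simple')}; b=<signature omitted>")
```

The lookalike message passes both the body-hash and alignment checks, because DKIM only proves that the owner of d= signed it, not that d= is the domain the reader thinks it is.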

> to prevent emails being read or modified in transit

Except everything you send and receive with your Gmail account is read by them and whatever government agencies anyway... So what's the point?