[dimino]

What if Google validated PGP signatures for you from trusted, popular certs?

They'd have Facebook's pubkey on file, and -- transparent to you -- would create something analogous to my browser's lock icon in their email browser. Any time you got an email from Facebook, it'd say "Verified Sender".

Heck, couldn't we tie mail from Facebook back to their domain cert given to them by their CA? If it says @facebook.com, and it's passes verification from the cert on facebook.com, then it's actually from Facebook, right?

[bbrazil]

This has been done for some time already via DKIM and DMARC, which anyone can configure.

https://support.google.com/a/answer/174124 https://support.google.com/a/answer/2466580

[eitally]

Thanks for noting this. A lot of discussion about email encryption and security is clearly from the consumer POV, and most people seem to be unaware of things enterprises already do (using commonly available tools & settings) to secure email. Not that it replaces message encryption via S/MIME or PGP, but companies like https://www.mailvelope.com/ and https://www.virtru.com are trying to help with that.