
Why you shouldn’t trust Gmail’s new TLS icon - Bino
https://halon.io/blog/gmails-new-tls-icon/
======
dendangly
They don't need DANE, they validate certificates signed by a CA.
https://support.google.com/mail/answer/21291?hl=en

~~~
soetis1
You obviously didn't read the link you posted. Email servers cannot do name
verification with CAs, because there's no mapping to the domain/MX.
http://www.postfix.org/TLS_README.html#client_tls_verify

