I see that mark in the mail I received - which looks legit and contains no links to anything but the official resources - but what I don't know is if you mean to indicate that this string means the mail is legit or phishing.

DNS can't go wrong. If it says the domain resolves to an IP that is permitted it's from Google.

Anyone can change the "Sender" field on an e-mail, even Outlook lets you do. You can't beat a domain verification though. I had a failed phishing attempt I was going to show the authentication results in the header from it but apparently deleted them earlier.

Obviously follow the stuff listed above but as yet another checkpoint the header information in a e-mail doesn't lie. You'll see something bogus like noreply@us.battle.net.worldofwarcrack.kr where it showed noreply@us.battle.net on my example.

So... DNS can't go wrong?

Its an external resource thats outside of your control, nothing can ever go wrong there. Ever. Perfectly safe.

@wow

yes. If the DNS records were compromised, you'd get far worse problems than fake emails. the DNS records is what makes http://battle.net lead to Blizzard. If those were compromised, you wouldn't get to Blizzard, you'd get to wherever the hacker wanted you to go. It would basically be equivalent to hacking the whole web.

Now, what sean.aikins showed wasn't the DNS, it was spf. That's a related system where companies (or other sites) can register to increase their email authentication security. As long as those records show a "passed" instead of "failed" or "neither pass nor fail", it should be ok. But only as long as Blizzard uses that layer of security.

@Hanak I know. My response was meant to be a very sarcastic response to the statement that "DNS can't go wrong". The moment you put implicit trust in an external resource you might as well give up the security game then and there.