How do I verify emails from Kraken? (GPGMail)

Before you can verify emails from Kraken, you need to do a one-time setup:

  1. Import our public key for exchange@kraken.com
  2. Sign our public key

Click here if you use Enigmail instead of GPGMail.


We include a signature.asc file with all account notification emails and company announcement emails.

Note: these emails may come from noreply@kraken.com and noreply@email.kraken.com, but they still use the public key for exchange@kraken.com.

To verify the integrity of each email, you will need to:

(1) Check if it's signed

The checkmark in PGP/GPG email programs indicates that it is a signed email and that the email has not been tampered with during transit.

Signed-email.png

However, anyone can create a PGP key for any email address. That's why the next step is critical.

(2) Check if the signature is trusted

If you click on the signed checkmark to open the signature details, you should see it say "This signature can be trusted".

Signature-trusted.png


Troubleshooting

If the signature details say "This signature is not to be trusted", this most likely means:

  • you forgot to sign our public key, and/or
  • you forgot to set the "Ownertrust" of your own private key to "Ultimate"

If you've done both and the signature is still not showing as trusted, it may be a fake email. Please immediately reach out to our support team.

Signature-not-trusted.png