Click here if you use GPGMail instead of Thunderbird

We include a signature.asc file with all account notification emails and company announcement emails.

Note: these emails may come from noreply@kraken.com and noreply@email.kraken.com, but they still use the public key for exchange@kraken.com.

To verify the integrity of each email, you will need to:

(0) Import our public key and sign it

This is a one-time setup you need to do before you can verify emails from Kraken:

• Import our public key for exchange@kraken.com
• Sign our public key

(1) Check if the email is signed

At the top of the message, you should see "Good signature from Kraken Exchange <exchange@kraken.com>".

This indicates that it is a signed email and that the email has not been tampered with during transit.

However, anyone can create a PGP key for any email address. That's why the next step is critical.

(2) Check if the signature is trusted

If the signature ribbon is in green, and the email icon has a red seal in the middle, this means it's trusted.

You can also check by:

• Clicking the "Details" button at the end of the signature ribbon.
• Select "View Key Properties".
• Look at the "Validity" field. 

Troubleshooting

If the signature ribbon is blue (rather than green), and the email icon has a blue question mark on it, this most likely means:

• you forgot to sign our public key, and/or
• you forgot to set the "Ownertrust" of your own private key to "Ultimate"

If you've done both and the signature is still not showing as trusted, it may be a fake email. Please immediately reach out to our support team.