Email that proves itself

Email has two directions — and the surprising part is who checks the proof.

In ([email protected]): when someone emails us, their server looks up our MX record in DNS and delivers to the Hostinger mailbox. MX is read by the sender.

Out: when we send, the recipient's server (Gmail, Outlook) checks three records we publish — SPF (which servers may send as us), DKIM (a tamper-proof signature on the message), and DMARC (what to do if those fail, plus reports) — to confirm the mail is really from pangaea.id. They're our identity, verified at the other end.

The mailbox lives on Hostinger; the records now live on Cloudflare (grey-cloud), and we read + send sales@ straight from a normal Gmail. The full how-it-works is in Email DNS: MX, SPF, DKIM, DMARC →. The migration-day version — carrying the mail across without dropping it — is here.