What’s the difference between visible and authenticated identity?

Visible identity is what recipients see in their email client: the From name, From address, and displayed content. This is the human facing representation of who sent the message.

Authenticated identity is the technical verification through SPF, DKIM, and DMARC. This confirms which domains authorized the sending infrastructure and signed the message content. Authentication is machine verified rather than visually presented.

The distinction matters because they can differ. A message might display "Brand Name" but authenticate under a different domain. DMARC alignment requirements address this by requiring authenticated domains to match or align with visible From domains.