Skip to main content
Protocolo abierto — Proof of Origin · Proof of Intent · Action Verdict

El estándar abierto de
confianza antes de actuar.

SecureStamp defines verifiable signals to confirm origin, channel, declared intent and action before sensitive digital operations execute. Built for email, official channels, APIs, workflows and AI agents.

DNS TXT record

Publicar origen verificable

Email header

X-SecureStamp para mensajes firmados

REST API

Trust, Signal y Action Verdict

MCP Server

Trust checks antes del tool call

Protocol architecture

The three pillars of the protocol

Email, Signal and MCP share one logic: verify origin, channel and declared intent before action.

Email Proof Layer

Headers, DNS, signatures, domains and receipts to declare and verify origin in email communications.

DNS TXTX-SecureStampSPF/DKIM/DMARCTrust receiptsSender and domain

Official Channel Signal

WhatsApp, Telegram, web, QR, support and other contact points checked against the official perimeter declared by an entity.

Official numbersBotsHandlesLinksDeclared perimeter

MCP / Agent Trust Layer

Trust checks and Action Verdict so agents can consult signals before tool calls, APIs, workflows and sensitive operations.

MCP ServerTool call checksAction VerdictHuman approvalReceipts

All three pillars use SSF to transform technical and contextual signals into a simple response: trust, review, stop or request approval.

Protocol thesis

The new perimeter is the action.

First we defended devices against malware and trojans. Then we defended inboxes against phishing. Now we need trust checks before action.

Messages, events and prompts can trigger APIs, tool calls, workflows and digital money operations. SecureStamp proposes verifiable signals before a communication becomes an action.

The inbox was only the beginning.
Trust checks before tool calls.
If an agent can act, it needs a trust signal.

SecureStamp provides verifiable signals. It does not replace internal policies, permissions, sandboxing, human approval or existing security controls.

01

Devices

The first modern perimeter was the device: malware, trojans, dangerous files and local behavior.

02

Inboxes

Then risk moved to messages: lookalike domains, fake links, attachments, payment urgency and impersonation.

03

Actions

Now an instruction can open tools, call APIs, process invoices, move data or prepare payments.

04

Trust checks

SecureStamp checks origin, channel, declared intent and context before replies, payments, data sharing or workflows.

Channel agnostic

A channel-agnostic standard

SecureStamp is not designed for one inbox, app or industry. The protocol organizes signals around origin, channel, declared intent and action. It can apply to email, messaging, QR, websites, invoices, tickets, APIs, agents and digital money operations.

EmailWhatsAppTelegramWebQRInvoicesTicketsAPIsWorkflowsMCPAgentsDigital money operations

Agents and systems

If an agent can act, it needs a trust signal.

An agent should not rely only on message text or its own reasoning to decide whether to open a link, process an invoice, reply to a vendor, invoke an API or prepare a transfer. It can query SecureStamp for Proof of Origin, channel status, receipts and Action Verdict.

Verify domains before opening links.
Confirm official channels before replying.
Check origin before processing invoices or payments.
Validate identities before sharing data.
Query Action Verdict before invoking tools.
Register Trust Receipts for audit.
Add intelligent friction before sensitive actions.
Combine signals with internal policy and human approval.

MCP for agents

SecureStamp MCP Server

Developer preview

MCP lets AI applications connect with tools, data and workflows. SecureStamp MCP Server is the technical direction for agents to query trust signals before sensitive actions execute.

Developer preview / technical roadmap. It does not replace permissions, internal policy, sandboxing, human approval or existing security controls. It adds a verifiable query before the tool call.

check_domain_trust(domain)verify_sender_origin(email)verify_official_channel(entity, channel)inspect_link_before_action(url)validate_qr_destination(payload)check_payment_request(origin, amount, destination)get_action_verdict(action_context)register_trust_receipt(context)explain_signal_result(result)

Flujo conceptual

agent → securestamp.get_action_verdict(context) → trustState + reasons + receiptRef → allow / review / deny / human approval

Signal Framework

SSF: SecureStamp Signal Framework

SSF organizes origin, authentication, channel, content, context and action signals to produce a simple, auditable output readable by humans, systems and agents.

Origin Signals

Domain, organization, declared identity, sender.

Technical Signals

SPF, DKIM, DMARC, DNS TXT, headers, signatures, keys and receipts.

Channel Signals

Email, web, WhatsApp, Telegram, QR, API, support, billing and tickets.

Content Signals

Urgency, links, attachments, credentials, payment instructions and bank-account changes.

Action Signals

Replying, opening, paying, transferring, approving, sharing data, invoking tools or running workflows.

Verdict Layer

Trust, Signal and Action Verdict: a readable and auditable output before action.

Three proofs, one verdict

Proof of Origin answers where it comes from. Proof of Intent links communication, channel, context and verifiable intent. Action Verdict summarizes signals for humans, systems and agents before replying, paying, sharing data, invoking an API or running a workflow.

Proof of Origin

Where does it come from? Verifies domain, organization, channel, sender, stamp and technical signals.

Proof of Intent

What does it declare it wants to do? Links communication, channel, context and verifiable intent.

Action Verdict

Should this action be allowed? Summarizes signals before replying, paying, sharing data, invoking an API or running a workflow.

Trust Levels

Trust Level explains origin. Action Verdict helps decide the action.

Levels L1-L5 grade verifiable origin evidence. They do not claim that content is true or that an action should automatically execute.

L1

Registered

The domain or organization is registered in SecureStamp.

L2

Aligned

Technical signals such as SPF, DKIM, DMARC or DNS are aligned.

L3

Signed

The message, channel or event includes a signed and verifiable token.

L4

Notarized

A verifiable integrity reference or receipt exists for later audit.

L5

Certified

The organizational identity behind the origin was reviewed with additional evidence.

Verified origin does not mean approved action

Trust Level describes the strength of origin evidence. Action Verdict evaluates a concrete action using SSF, context and policy. A legitimate origin can still request an action that requires review.

Integration points

Four ways to declare and query trust

DNS TXT record

Publish a TXT record under _securestamp.<domain>. Verifiers resolve the subdomain and validate declared origin without inspecting private content.

  • v=1 — protocol version
  • id=<stamp_id> — verifiable identifier
  • url=<verify_url> — canonical verification URL
DNS zone
_securestamp.example.com.  3600  IN  TXT
  "securestamp=v=1;
   id=f47ac10b-58cc-4372-a567-0e02b2c3d479;
   url=https://securestamp.org/verify/eyJhbG..."

Email header

Inject X-SecureStamp into outbound messages so clients, plugins and gateways can query origin and status with signed signals.

  • Token signed by the sender or authorized node
  • Minimum claims: stampId, domain, orgId, score, exp
  • Public key or verifiable reference for validation
SMTP header
X-SecureStamp: v=1;
  token=eyJhbGciOiJFUzI1NiJ9.eyJzdGFtcElkIjoiZjQ3YWMxM...;
  verify=https://securestamp.org/verify/eyJhbG...

REST API

Query domains, channels or actions without storing sensitive instructions in plaintext. Responses can include signals, reasons and Trust Receipts.

  • Trust checks for domains and channels
  • Action Verdict for sensitive actions
  • Verifiable receipts for audit
  • Public verifier and registry when applicable
request
GET https://securestamp.org/v1/trust/example.com
response
{
  "domain": "example.com",
  "trustLevel": "L3",
  "signals": { "spf": "pass", "dkim": "pass", "dmarc": "pass" },
  "actionVerdict": "needs_confirmation",
  "receiptRef": "tr_01h..." 
}

MCP Server

Developer preview layer so agents can query trust checks before tool calls, APIs, workflows and sensitive operations.

  • SecureStamp MCP Server
  • Tool call checks
  • Action Verdict before execution
  • Human approval when policy requires it
MCP tool call
securestamp.get_action_verdict({
  origin: "billing@example.com",
  action: "payment_request",
  amount: "1200.00",
  destination: "acct_..." 
})

Official Channel Signal

Official channel verification across conversational surfaces

Signal lets you query whether a number, bot, handle, link, account or contact point belongs to the official perimeter declared by an entity. It is the layer for WhatsApp, Telegram, web, QR, support, billing and other channels where a person or agent can receive sensitive instructions.

Official perimeter

Checks email, WhatsApp, Telegram, web, QR, support and billing channels against verifiable records.

Connected to SSF

Channel signals feed Trust, Action Verdict and receipts without turning a brand into an absolute guarantee.

Honest limit

Signal verifies membership in the official perimeter. It does not prove that every message is true.

Receipts, registry and audit

Auditable evidence without relying on screenshots

Each relevant query or declaration can generate a verifiable receipt. Receipts help audit origin, channel, declared intent and Action Verdict without relying on blind trust in an interface.

Trust Receipts

Signed receipts summarizing signal, allowed context, timestamp and verifiable reference.

Registry

Tokens, receipts and public references can be verified without authentication when the flow allows it.

Audit

Organizations can combine receipts with internal policies, approvals and compliance controls.

Federated network

Federated network and approved nodes

SecureStamp Foundation coordinates a network of approved nodes to write and verify shared records. Operating a node requires technical review, SLA and alignment with governance principles.

01

Submit application

Include organization, region, operating capacity, expected SLA, technical surface and declared use case.

02

Technical review

The foundation evaluates capacity, operational security, coverage and potential conflicts of interest.

03

Credentials issued

If approved, the operator receives credentials and integration requirements to participate in the network.

04

Audited operation

The node must maintain availability, public health, operational traceability and incident-response processes.

Node obligations

Target uptime ≥ 99% over 30-day windows
Publish /v1/health endpoint
Keep keys and credentials rotatable
Report relevant anomalies to the foundation
Modify verification policies without approval
Expose internal data or sensitive signals without authorization

Verifiable registry

Verify stamps, receipts and public references

Every stamp, receipt or public reference issued by SecureStamp can be verified without turning this site into a commercial landing page. The foundation maintains the standard and query points.

Open public verifier
securestamp.org/verify/<token>

Technical FAQ

Frequently asked questions for developers and integrators

What is SecureStamp Foundation?

The entity that publishes and governs the open SecureStamp standard for verifying origin, intent, channel and action before operating.

What problem does the protocol solve?

It helps humans, systems and agents query verifiable signals before replying, paying, sharing data, invoking APIs or running workflows.

What are SecureStamp’s three pillars?

Email Proof Layer, Official Channel Signal and MCP / Agent Trust Layer. All three use the same model: Proof of Origin, Proof of Intent, SSF and Action Verdict before action.

What is Proof of Origin?

Verifiable evidence that a domain, channel, sender or organization corresponds to a registered origin.

What is Proof of Intent?

The verifiable connection between communication, channel, context and declared intent before a sensitive action occurs.

What is Action Verdict?

An evaluation of a concrete action before execution. It can recommend allow, review, deny or human approval according to signals and policy.

What is SSF?

SecureStamp Signal Framework: a common language for origin, authentication, channel, content, context, action and verdict signals.

What is SecureStamp MCP Server?

A developer preview direction for agents to query trust checks before sensitive tool calls through Model Context Protocol.

Docs and specification

Protocol documentation

The specification covers Proof of Origin, Proof of Intent, SSF, Action Verdict, integration points, receipts, honest limits and MCP direction for agents.

Questions about the specification or protocol design? protocol@securestamp.org

Contact

Get in touch

Each address routes directly to the right team. No ticketing system — real people.

SecureStamp Foundation — Open Trust Protocol for AI Agents