From their blog…

...Now any email that claims to come from “paypal.com” or “ebay.com” (and their international versions) is authenticated by Gmail and—here comes the important part—rejected if it fails to verify as actually coming from PayPal or eBay. That’s right: you won’t even see the phishing message in your spam folder. Gmail just won’t accept it at all. Conversely, if you get a message in Gmail where the “From” says “@paypal.com” or “@ebay.com,” then you’ll know it actually came from PayPal or eBay. It’s email the way it should be.

eBay and PayPal have worked hard to ensure that all their email is signed with DomainKeys and DKIM. Armed with this information, Gmail can easily reject as a fake anything that doesn’t authenticate. We’ve been testing this for a few weeks now and it’s working so well that few people really noticed.

We think it’s great that PayPal and eBay have taken on the challenge of securing email, and we’re pleased to have put our best efforts together to make this work. It’s a bold move, but one that will really help fight phishing. Our hope is that this will set a good example for other organizations to follow (yes, it can be done!) and that over time more and more email will become trustworthy.
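
The receiver-side policy the quoted post describes can be sketched as follows. This is an added example, not part of the quoted post and not Gmail's code. It assumes an upstream DKIM verifier has already stamped an `Authentication-Results` header (RFC 8601) under the hypothetical authserv-id `mx.example.net`; the sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

PROTECTED = {"paypal.com", "ebay.com"}  # domains named in the post
TRUSTED_AUTHSERV = "mx.example.net"     # hypothetical id of our own verifier

def protected_parent(domain):
    """Return the protected domain that `domain` equals or sits under, else None."""
    domain = domain.lower().rstrip(".")
    for p in PROTECTED:
        if domain == p or domain.endswith("." + p):
            return p
    return None

def dkim_pass_domains(msg):
    """Collect d= domains with dkim=pass, only from headers our verifier wrote."""
    passed = set()
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        tokens = authserv.split()
        if not tokens or tokens[0].lower() != TRUSTED_AUTHSERV:
            continue  # header not written by our verifier: never trust it
        for clause in results.split(";"):
            if re.search(r"\bdkim\s*=\s*pass\b", clause, re.I):
                m = re.search(r"\bheader\.d\s*=\s*([\w.-]+)", clause, re.I)
                if m:
                    passed.add(m.group(1).lower())
    return passed

def decide(raw):
    """Return 'reject' for protected From domains lacking an aligned DKIM pass."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    owner = protected_parent(from_domain)
    if owner is None:
        return "accept"  # From domain is not covered by this policy
    if any(protected_parent(d) == owner for d in dkim_pass_domains(msg)):
        return "accept"  # signed by the domain the From header claims
    return "reject"      # refused outright, not filed as spam

# Constructed sample messages
GENUINE = ("Authentication-Results: mx.example.net; dkim=pass header.d=paypal.com\n"
           "From: PayPal <service@paypal.com>\n\nbody\n")
UNTRUSTED_HEADER = GENUINE.replace("mx.example.net", "other.example")
UNALIGNED = GENUINE.replace("header.d=paypal.com", "header.d=unrelated.example")

if __name__ == "__main__":
    for name in ("GENUINE", "UNTRUSTED_HEADER", "UNALIGNED"):
        print(name, decide(globals()[name]))
```

The two rejected samples show the checks that matter in practice: an `Authentication-Results` header is only meaningful when your own verifier wrote it, and a DKIM pass only counts when the signing domain matches the domain in the From header.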