The Sender Verification Shield is a way to help users understand the "validity" of a sender's email address. From an antispam standpoint, it uses SPF, DKIM, and DMARC to verify the sender's email server and domain. Then it checks the recipient's Contacts and Trusted Senders. When combined, this is a good indication of the validity of the sender.
Green shield with check
This is a verified sender. They at least passed two of the three checks (SPF, DKIM, DMARC) and are either in your Contacts, they're a Trusted Sender (or sending from a trusted domain), or they're an authenticated user on your domain.
Gray shield with check
This is likely a verified source. The most common reason for a gray shield with a check mark is that the sender passed the spam checks, but they're not a Trusted Sender, not in your contacts, or they're not an authenticated user on your domain. They may also have a soft fail for something like DMARC.
Gray shield with exclamation point
This is possibly a verified source. However, they likely only passed one spam check, plus they're not a Trusted Sender, a Contact, or an authenticated user on your domain. The other checks did not hard fail, but the sending domain is possibly missing the record(s). It's also possible that the sender soft-failed every spam check (e.g., the records do not exist), but they're not suspect because the records did not actually hard fail.
Red shield with an X
The sender hard failed one or more SPF, DKIM, or DMARC check or if they're a blocked sender. Regarding spam check failures, the record exists but it hard fails. It's worth noting that even Trusted Senders who hard fail one of the checks will display a red shield because Trusted Senders still have SPF and DKIM spam checks run.