What does ProtonMail’s warning about domain authentication failure mean?

Sometimes you may notice a bright red warning message at the top of an incoming email that says, “This email has failed its domain’s authentication requirements. It may be spoofed or improperly forwarded!” This article explains what this message means and what to do when you see it.

Why you may see this warning

ProtonMail alerts users of certain suspicious incoming emails to protect users from spam and phishing attacks. This message warns you that the sender’s email address failed one of the validation checks attempting to verify the sender, the DMARC check.

A failed domain authentication could be an indication that the From field has been forged, a kind of abuse known as email spoofing. Spammers and hackers use spoofing to trick recipients into believing an email is legitimate.

However, domain authentication failure does not always indicate abuse. Sometimes a legitimate email can fail authentication due to improper email forwarding, DNS misconfiguration, or temporary network failures.

What you should do when you see the warning

Incoming emails marked as having failed domain authentication should be treated with extra caution, especially those containing links or attachments.

  • Do not click any links or download attachments unless you are certain the email is legitimate.
  • If the email is from a business, such as a bank or online service, contact the business to confirm they sent the email.

For further assistance, please contact the ProtonMail Support team.

Post Comment

33 comments

  1. Charles Mangano

    Dear ProtonMail Support:

    The following website is of interest to me, so I responded to their offer:

    “GET ORGANIZED WITH YOUR
    FREE EMERGENCY PREPAREDNESS
    BINDER PDF
    You’ll also receive our Daily Newsletter!”

    Is it safe to click the links or download attachments?

    From:
    [redacted] 08/07/2018

    “Hi! Thanks for subscribing. Here’s the link to download your FREE Emergency Preparedness Binder pages.” [redacted] (link)

    Thank you,
    Charles Mangano

  2. ProtonMail Support

    Please do not post messages in comments. For more assistance, please contact our customer support team.
    https://protonmail.com/support-form

  3. BVL

    How do I get this warning to stop displaying at the top of the emails when the messages are coming from a trusted sender?

  4. ProtonMail Support

    You cannot. If you are getting the warning on all messages from a trusted sender, they most likely have issues with their setup and will have to resolve it on their side.

  5. Amy

    Hi,

    I am coming from a company whose emails are getting this error for one of our clients.

    We are an educational institute within a government agency so the emails and domain have been set up correctly meaning there shouldn’t be anything to resolve from our side. The emails are forwarded from our Learning Management System, via a no-reply email address, but should still be trusted and our users should not be seeing this message. Is there a way for my client to add our domain to a safe senders list. Or are you able to do it?

    Thank you.

  6. ProtonMail Support

    Please contact our support team using the support form at https://protonmail.com/support-form.

  7. Dennis Emahiser

    Hello
    I tried signing up for a new account and it wouldn’t let me verify through email or phone. I don’t know what to do.
    Thank you for your time.
    [redacted]

  8. ProtonMail Support

    Please contact our support team using the support form at https://protonmail.com/support-form.

  9. Lori York

    i cannot read my mail from paypal. and i cannot find any answers withing your help section. the error message states that it is a decryption error and I can not read my message from paypal support after speaking with them over the phone. so i know it is them.

  10. ProtonMail Support

    Please contact our support team using the support form at https://protonmail.com/support-form.

  11. Eddie Goldman

    I am getting this message from an email sent by my own mailing list to this address. By showing falsely identified sppofed emails, you are discrediting this entire process.

  12. ProtonMail Support

    Please contact our support team using the support form at https://protonmail.com/support-form to make sure that you have correctly authenticated your mailing list to use your domain.

  13. Anonymous

    Recently i got two emails with this message. One is from a Counselling Centre that i know is legitamate because it reflects my recent conversations with them. The other one was from Telus, my internet and phone supplier that reflects a recent order i put into them. So Both legit. Why am i still getting this message? Was the message intercepted by a hacker and then forwarded to me?

  14. ProtonMail Support

    Please contact the ProtonVPN support team using the support form at https://protonvpn.com/support-form with more details so they can look into it.

  15. Joe

    Funny : this error appears when you get a confirmation email after buying tax stamps from the French Tax Authorities :
    ne-pas-repondre(at)timbres.impots.gouv.fr

  16. Le Moal

    Bonjour,
    J’ai fait un test d’envoi à partir de Sendinblue, sur ma messagerie proton.
    Mon message est clean mais ne respecte pas vos procédures de vérification (DMARK).
    J’ai même dû réutiliser mon adresse gmail pour ma campagne. Dommage que proton soit si restrictif, car cela empêche les campagnes qui peuvent simplement de la bonne info !.

  17. ProtonMail Support

    We don’t allow other services to send messages with a ProtonMail email address in the From field in order to protect our reputation with other email providers.

  18. moy-zamok

    dea.spamcon.org and aol.com are NOT spam. I do not appreciate red warnings falsely claiming that they are.

  19. ProtonMail Support

    If the warning appears, that usually means that there is some misconfiguration on the sender’s side, or the sender has been spoofed.

  20. Douglas J Hormann

    Not sure why I’m getting this warning. The sender is the local county government that I’ve worked for nearly 30 years. Not a spammer or hacker and definitely not spoofed:)

    Washington County, Oregon, USA website: http://www.co.washington.or.us/
    email: @co.washington.or.us

  21. ProtonMail Support

    Please contact our support team: https://protonmail.com/support-form.

  22. Annie

    An email sent to me, by me, from my husband’s bulk mail account, included this header. I need to learn how remedy this situation. He is not using a hosted email account but rather a free gmail email account as his “from” email address. Is it more than just this? Thanks in advance for any help you may offer.

  23. ProtonMail Support

    If the message didn’t originate from Gmail directly, it’s likely to trigger this warning.
    If you need further assistance, please contact our support team using the support form at https://protonmail.com/support-form.

  24. ..

    What to do when this appears at the top of an email you have sent, [to a legitimate source, a national newspaper?]

  25. ProtonMail Support

    Is the recipient seeing this? Please contact our support team so we can get more details: https://protonmail.com/support-form.

  26. Jennifer Benkhauser

    i wanted to verify my bitchute account by verifying my email and i got the red error banner…please advise me what to do?

  27. ProtonMail Support

    Please contact our Support Team: https://protonmail.com/support-form.

  28. Richard

    These authentication issues are widespread and it is pleasing that Protonmail does the right thing. So many providers (ISPs and webmail (e.g. Vivaldi) handle it wrongly with total disregard of the user, either blocking senders or letting suspect email through without any warning.

  29. Wayne Morgan

    Got this “failed its domain’s authentication requirements warning” on an incoming email. It is a trusted source from a subscribed to mailing list and the full message with images loads on iPad but won’t load on my PC. I have PC account settings set to auto load remote content and embedded images. How do I get it to load on PC?

  30. ProtonMail Support

    You should see a Load button for images in the web client if loading is set to manual.
    https://protonmail.com/support/knowledge-base/images-by-default/

    If this is not the case, please contact our Support Team for further assistance: https://protonmail.com/support-form.

  31. Wayne Morgan

    Changed (on PC) to load images manually. Load button appeared but image did not come up after being pressed. Just this one particular email so far. Image loaded automatically on iOS. Email from (site name redacted) Not an important email. I’m not going to worry about it. Thanks anyway.

  32. ProtonMail Support

    Hi! If you’re using Firefox, this can be caused by Firefox’s tracking protection feature. Please see the link below:
    https://support.mozilla.org/en-US/kb/content-blocking?as=u&utm_source=inproduct#w_turn-content-blocking-off-on-individual-sites

  33. Wayne Morgan

    Clicked the shield in Firefox 71.0 address bar and turned off enhanced tracking protection for this site as described in the article and yes, images now appear. Thanks!

Leave A Comment?