Sometimes you may notice a bright red warning message at the top of an incoming email that says, “This email has failed its domain’s authentication requirements. It may be spoofed or improperly forwarded!” This article explains what this message means and what to do when you see it.
Why you may see this warning
ProtonMail alerts users of certain suspicious incoming emails to protect users from spam and phishing attacks. When you see this warning, it means the sender’s email address failed one of the domain validation checks (SPF, DKIM, or DMARC), which attempt to verify the sender.
A failed domain authentication could be an indication that the From field has been forged, a kind of abuse known as email spoofing. Spammers and hackers use spoofing to trick recipients into believing an email is legitimate.
However, domain authentication failure does not always indicate abuse. Sometimes a legitimate email can fail authentication due to improper email forwarding, DNS misconfiguration, or temporary network failures.
What you should do when you see the warning
Incoming emails marked as having failed domain authentication should be treated with extra caution, especially those containing links or attachments.
- Do not click any links or download attachments unless you are certain the email is legitimate.
- If the email is from a business, such as a bank or online service, contact the business to confirm they sent the email.
For further assistance, please contact the ProtonMail Support team.
Dear ProtonMail Support:
The following website is of interest to me, so I responded to their offer:
“GET ORGANIZED WITH YOUR
FREE EMERGENCY PREPAREDNESS
BINDER PDF
You’ll also receive our Daily Newsletter!”
Is it safe to click the links or download attachments?
From:
[redacted] 08/07/2018
“Hi! Thanks for subscribing. Here’s the link to download your FREE Emergency Preparedness Binder pages.” [redacted] (link)
Thank you,
Charles Mangano
0
Please do not post messages in comments. For more assistance, please contact our customer support team.
https://protonmail.com/support-form
0
How do I get this warning to stop displaying at the top of the emails when the messages are coming from a trusted sender?
0
You cannot. If you are getting the warning on all messages from a trusted sender, they most likely have issues with their setup and will have to resolve it on their side.
0
Hi,
I am coming from a company whose emails are getting this error for one of our clients.
We are an educational institute within a government agency so the emails and domain have been set up correctly meaning there shouldn’t be anything to resolve from our side. The emails are forwarded from our Learning Management System, via a no-reply email address, but should still be trusted and our users should not be seeing this message. Is there a way for my client to add our domain to a safe senders list. Or are you able to do it?
Thank you.
0
Please contact our support team using the support form at https://protonmail.com/support-form.
0
Hello
I tried signing up for a new account and it wouldn’t let me verify through email or phone. I don’t know what to do.
Thank you for your time.
[redacted]
0
Please contact our support team using the support form at https://protonmail.com/support-form.
0
i cannot read my mail from paypal. and i cannot find any answers withing your help section. the error message states that it is a decryption error and I can not read my message from paypal support after speaking with them over the phone. so i know it is them.
0
Please contact our support team using the support form at https://protonmail.com/support-form.
0
I am getting this message from an email sent by my own mailing list to this address. By showing falsely identified sppofed emails, you are discrediting this entire process.
0
Please contact our support team using the support form at https://protonmail.com/support-form to make sure that you have correctly authenticated your mailing list to use your domain.
0
Recently i got two emails with this message. One is from a Counselling Centre that i know is legitamate because it reflects my recent conversations with them. The other one was from Telus, my internet and phone supplier that reflects a recent order i put into them. So Both legit. Why am i still getting this message? Was the message intercepted by a hacker and then forwarded to me?
0
Please contact the ProtonVPN support team using the support form at https://protonvpn.com/support-form with more details so they can look into it.
0
Funny : this error appears when you get a confirmation email after buying tax stamps from the French Tax Authorities :
ne-pas-repondre(at)timbres.impots.gouv.fr
0
Bonjour,
J’ai fait un test d’envoi à partir de Sendinblue, sur ma messagerie proton.
Mon message est clean mais ne respecte pas vos procédures de vérification (DMARK).
J’ai même dû réutiliser mon adresse gmail pour ma campagne. Dommage que proton soit si restrictif, car cela empêche les campagnes qui peuvent simplement de la bonne info !.
0
We don’t allow other services to send messages with a ProtonMail email address in the From field in order to protect our reputation with other email providers.
0
dea.spamcon.org and aol.com are NOT spam. I do not appreciate red warnings falsely claiming that they are.
0
If the warning appears, that usually means that there is some misconfiguration on the sender’s side, or the sender has been spoofed.
0
Not sure why I’m getting this warning. The sender is the local county government that I’ve worked for nearly 30 years. Not a spammer or hacker and definitely not spoofed:)
Washington County, Oregon, USA website: http://www.co.washington.or.us/
email: @co.washington.or.us
0
Please contact our support team: https://protonmail.com/support-form.
0
An email sent to me, by me, from my husband’s bulk mail account, included this header. I need to learn how remedy this situation. He is not using a hosted email account but rather a free gmail email account as his “from” email address. Is it more than just this? Thanks in advance for any help you may offer.
0
If the message didn’t originate from Gmail directly, it’s likely to trigger this warning.
If you need further assistance, please contact our support team using the support form at https://protonmail.com/support-form.
0
What to do when this appears at the top of an email you have sent, [to a legitimate source, a national newspaper?]
0
Is the recipient seeing this? Please contact our support team so we can get more details: https://protonmail.com/support-form.
0
i wanted to verify my bitchute account by verifying my email and i got the red error banner…please advise me what to do?
0
Please contact our Support Team: https://protonmail.com/support-form.
0
These authentication issues are widespread and it is pleasing that Protonmail does the right thing. So many providers (ISPs and webmail (e.g. Vivaldi) handle it wrongly with total disregard of the user, either blocking senders or letting suspect email through without any warning.
0
Got this “failed its domain’s authentication requirements warning” on an incoming email. It is a trusted source from a subscribed to mailing list and the full message with images loads on iPad but won’t load on my PC. I have PC account settings set to auto load remote content and embedded images. How do I get it to load on PC?
0
You should see a
Loadbutton for images in the web client if loading is set to manual.https://protonmail.com/support/knowledge-base/images-by-default/
If this is not the case, please contact our Support Team for further assistance: https://protonmail.com/support-form.
0
Changed (on PC) to load images manually. Load button appeared but image did not come up after being pressed. Just this one particular email so far. Image loaded automatically on iOS. Email from (site name redacted) Not an important email. I’m not going to worry about it. Thanks anyway.
0
Hi! If you’re using Firefox, this can be caused by Firefox’s tracking protection feature. Please see the link below:
https://support.mozilla.org/en-US/kb/content-blocking?as=u&utm_source=inproduct#w_turn-content-blocking-off-on-individual-sites
0
Clicked the shield in Firefox 71.0 address bar and turned off enhanced tracking protection for this site as described in the article and yes, images now appear. Thanks!
0