Sometimes you may notice a bright red warning message at the top of an incoming email that says, “This email has failed its domain’s authentication requirements. It may be spoofed or improperly forwarded!”
This article explains what this warning means and what to do when you see it.
Why you see this warning
ProtonMail alerts users to certain suspicious incoming emails to protect them from spam and phishing attacks. This warning tells you that the sender’s email address failed the DMARC check, one of the validation checks ProtonMail performs to verify the sender.
A failed domain authentication could be an indication that the “From” field has been forged, a kind of abuse known as email spoofing. Spammers and hackers often use spoofing to trick recipients into believing an email is legitimate.
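For readers who want to see what a failed check looks like in the message headers, the following is an added example, not ProtonMail's code. It assumes the receiving server recorded its verdict in an Authentication-Results header (RFC 8601) and shows why DMARC fails when neither the SPF-authenticated domain nor the DKIM signing domain matches the domain in the “From” field. The sample message and its domains are constructed, and the alignment check is a simplification that does not consult the Public Suffix List.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; all domains and header values are made up.
RAW = """\
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=bulk.sender.example;
 dkim=pass header.d=sender.example; dmarc=fail header.from=bank.example
From: "Your Bank" <alerts@bank.example>
Subject: Verify your account

Body
"""

def parse_auth_results(value):
    """Return {method: (result, {property: value})} from an Authentication-Results value."""
    out = {}
    for clause in value.split(";")[1:]:  # the first part is the authserv-id
        m = re.match(r"\s*(\w+)=(\w+)(.*)", clause, re.S)
        if m:
            props = dict(re.findall(r"([\w.]+)=([^\s;]+)", m.group(3)))
            out[m.group(1).lower()] = (m.group(2).lower(), props)
    return out

def aligned(auth_domain, from_domain):
    """Simplified relaxed alignment: equal, or one is a subdomain of the other."""
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f or a.endswith("." + f) or f.endswith("." + a)

def explain(raw):
    """Summarise the DMARC verdict and which mechanism, if any, aligned with From."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2]
    res = parse_auth_results(msg.get("Authentication-Results", ""))
    spf, spf_p = res.get("spf", ("none", {}))
    dkim, dkim_p = res.get("dkim", ("none", {}))
    spf_dom = spf_p.get("smtp.mailfrom", "").rpartition("@")[2]
    dkim_dom = dkim_p.get("header.d", "")
    return {
        "from_domain": from_domain,
        "dmarc": res.get("dmarc", ("none", {}))[0],
        # SPF or DKIM only counts for DMARC if it passed AND matches the From domain.
        "spf_aligned": spf == "pass" and aligned(spf_dom, from_domain),
        "dkim_aligned": dkim == "pass" and aligned(dkim_dom, from_domain),
    }

if __name__ == "__main__":
    print(explain(RAW))
```

In the sample, SPF and DKIM both pass, but for domains unrelated to bank.example, so the message still fails DMARC.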
What you should do when you see the warning
You should treat incoming emails that failed the domain authentication check with extra caution, especially if you did not expect this email or if it contains links or attachments.
- Do not click any links or download attachments unless you are certain the email is legitimate.
- If the email is from a business, such as a bank or online service, contact the business to confirm they sent the email.
For further assistance, please contact the ProtonMail Support team.