Sometimes you may notice a bright red warning message at the top of an incoming email that says, “This email has failed its domain’s authentication requirements. It may be spoofed or improperly forwarded!” This article explains what this message means and what to do when you see it.
Why you may see this warning
ProtonMail alerts users of certain suspicious incoming emails to protect users from spam and phishing attacks. When you see this warning, it means the sender’s email address failed one of the domain validation checks (SPF, DKIM, or DMARC), which attempt to verify the sender.
A failed domain authentication could be an indication that the From field has been forged, a kind of abuse known as email spoofing. Spammers and hackers use spoofing to trick recipients into believing an email is legitimate.
However, domain authentication failure does not always indicate abuse. Sometimes a legitimate email can fail authentication due to improper email forwarding, DNS misconfiguration, or temporary network failures.
What you should do when you see the warning
Incoming emails marked as having failed domain authentication should be treated with extra caution, especially those containing links or attachments.
- Do not click any links or download attachments unless you are certain the email is legitimate.
- If the email is from a business, such as a bank or online service, contact the business to confirm they sent the email.
For further assistance, please contact the ProtonMail Support team.
Dear ProtonMail Support:
The following website is of interest to me, so I responded to their offer:
“GET ORGANIZED WITH YOUR
FREE EMERGENCY PREPAREDNESS
BINDER PDF
You’ll also receive our Daily Newsletter!”
Is it safe to click the links or download attachments?
From:
[redacted] 08/07/2018
“Hi! Thanks for subscribing. Here’s the link to download your FREE Emergency Preparedness Binder pages.” [redacted] (link)
Thank you,
Charles Mangano
0
Please do not post messages in comments. For more assistance, please contact our customer support team.
https://protonmail.com/support-form
0
How do I get this warning to stop displaying at the top of the emails when the messages are coming from a trusted sender?
0
You cannot. If you are getting the warning on all messages from a trusted sender, they most likely have issues with their setup and will have to resolve it on their side.
0
Hi,
I am coming from a company whose emails are getting this error for one of our clients.
We are an educational institute within a government agency so the emails and domain have been set up correctly meaning there shouldn’t be anything to resolve from our side. The emails are forwarded from our Learning Management System, via a no-reply email address, but should still be trusted and our users should not be seeing this message. Is there a way for my client to add our domain to a safe senders list. Or are you able to do it?
Thank you.
0
Please contact our support team using the support form at https://protonmail.com/support-form.
0
Hello
I tried signing up for a new account and it wouldn’t let me verify through email or phone. I don’t know what to do.
Thank you for your time.
[redacted]
0
Please contact our support team using the support form at https://protonmail.com/support-form.
0
i cannot read my mail from paypal. and i cannot find any answers withing your help section. the error message states that it is a decryption error and I can not read my message from paypal support after speaking with them over the phone. so i know it is them.
0
Please contact our support team using the support form at https://protonmail.com/support-form.
0
I am getting this message from an email sent by my own mailing list to this address. By showing falsely identified sppofed emails, you are discrediting this entire process.
0
Please contact our support team using the support form at https://protonmail.com/support-form to make sure that you have correctly authenticated your mailing list to use your domain.
0
Recently i got two emails with this message. One is from a Counselling Centre that i know is legitamate because it reflects my recent conversations with them. The other one was from Telus, my internet and phone supplier that reflects a recent order i put into them. So Both legit. Why am i still getting this message? Was the message intercepted by a hacker and then forwarded to me?
0
Please contact the ProtonVPN support team using the support form at https://protonvpn.com/support-form with more details so they can look into it.
0
Funny : this error appears when you get a confirmation email after buying tax stamps from the French Tax Authorities :
ne-pas-repondre(at)timbres.impots.gouv.fr
0
Bonjour,
J’ai fait un test d’envoi à partir de Sendinblue, sur ma messagerie proton.
Mon message est clean mais ne respecte pas vos procédures de vérification (DMARK).
J’ai même dû réutiliser mon adresse gmail pour ma campagne. Dommage que proton soit si restrictif, car cela empêche les campagnes qui peuvent simplement de la bonne info !.
0
We don’t allow other services to send messages with a ProtonMail email address in the From field in order to protect our reputation with other email providers.
0
dea.spamcon.org and aol.com are NOT spam. I do not appreciate red warnings falsely claiming that they are.
0
If the warning appears, that usually means that there is some misconfiguration on the sender’s side, or the sender has been spoofed.
0