This article contains information on why a source is marked as failed in DMARC, explaining causes like misaligned SPF/DKIM or malicious activity, and steps to investigate and resolve issues for valid or unrecognized sources.
Why is a source marked as failed?
A source marked as failed means that emails from the source are not DMARC compliant because SPF and DKIM were invalid. This can mean two things:
- This source failed the DMARC checks because DKIM and or SPF were not set up correctly (misaligned).
- The source failed the DMARC checks because malicious emails were sent on behalf of your domain.
Why is a source marked as failed?
It is important to investigate all sources that appear in the failed section to identify the sources as valid or as malicious. If you recognize a source as legitimate, you can set up and align SPF and/or DKIM correctly. Unrecognized sources require investigation because the source might try to send malicious emails on behalf of your domain.
The steps that you can take to investigate the source:
- Do I recognize the source as a partner of my company?
- Search on Google what kind of source this is.
- Does the source appear on RBL blacklist websites?
- Check the forensic reports to see what kind of emails are sent by the source.
- If the source is valid, search for documentation to set up DMARC correctly
- Contact the source.
Comments
Please sign in to leave a comment.