Sometimes you may notice a bright red warning message at the top of an incoming email that says, “This email has failed its domain’s authentication requirements. It may be spoofed(new window) or improperly forwarded!”
This article explains what this warning means and what to do when you see it.
Why you see this warning
Proton Mail alerts users of certain suspicious incoming emails to protect them from spam and phishing attacks(new window). This warning tells you that the sender’s email address failed the domain authentication check.
A failed domain authentication could be an indication that the “From” field has been forged, a kind of abuse known as email spoofing(new window). Spammers and hackers often use spoofing to trick recipients into believing an email is legitimate.
What you should do when you see the warning
You should treat incoming emails that failed the domain authentication check with extra caution, especially if you did not expect this email or if it contains links or attachments.
- Do not click any links or download attachments unless you are certain the email is legitimate.
- If the email is from a business, such as a bank or online service, contact the business to confirm they sent the email.
For further assistance, please contact the Proton Mail Support Team.