Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update email-authentication-about.md
1 parent cdc281f, commit 587a80d
Showing 1 changed file with 16 additions and 1 deletion.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -176,10 +176,25 @@ Authentication-Results: | |
|
||
These values are explained at [Authentication-results message header](message-headers-eop-mdo.md#authentication-results-message-header). | ||
|
||
Admins and users can examine the message headers to discover how Microsoft 365 identified the sender as spoofed or legitimate. | ||
Admins and users can examine the message headers to discover how Microsoft 365 identified the sender as suspicious spoofed sender or legitimate. | ||
|
||
It's crucial to understand that a failure in CAUTH does not directly lead to an email being blocked. Our system employs a holistic evaluation strategy, considering the overall suspicious nature of an email alongside CAUTH outcomes. This method is designed to mitigate the risk of incorrectly blocking legitimate emails from domains that may not strictly adhere to authentication protocols. Such a balanced approach helps in distinguishing genuinely malicious emails from those that simply fail to conform to standard authentication practices. | ||
|
||
The following examples focus on the results of email authentication only (the `compauth` value and reason). Other Microsoft 365 protection technologies can identify messages that pass email authentication as spoofed, or identify messages that fail email authentication as legitimate. | ||
|
||
- **Scenario**: The domain in the SPF record or the DKIM signature doesn't match the domain in the From address. | ||
- **Result**: The message can fail composite authentication, Despite the CAUTH failure, the email might still be allowed if other assessments do not indicate a suspicious nature. | ||
|
||
```text | ||
Authentication-Results: spf=none (sender IP is 192.168.1.8) | ||
smtp.mailfrom=maliciousdomain.com; contoso.com; dkim=pass | ||
(signature was verified) header.d=maliciousdomain.com; | ||
contoso.com; dmarc=none action=none header.from=contoso.com; | ||
compauth=fail reason=001 | ||
From: [email protected] | ||
To: [email protected] | ||
``` | ||
|
||
- **Scenario**: The fabrikam.com domain has no SPF, DKIM, or DMARC records. | ||
- **Result**: Messages from senders in the fabrikam.com domain can fail composite authentication: | ||
|
||
|
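Review bot: The added paragraph and the new Result line use "CAUTH", which is never defined in this hunk, while the surrounding text says "composite authentication" and the header shows `compauth`; use one term throughout or define CAUTH on first use. In the reworded sentence, "identified the sender as suspicious spoofed sender or legitimate" is ungrammatical; "as a suspected spoofed sender or as legitimate" would read correctly. The new Result line has a comma splice ("can fail composite authentication, Despite the CAUTH failure"), so end the sentence after "authentication". "Our system" switches to first person where the rest of the section names Microsoft 365. The new paragraph also overlaps with the existing sentence that other protection technologies can identify failing messages as legitimate; consider merging the two and saying which assessments decide the final verdict, so admins read `compauth=fail` neither as harmless nor as an automatic block. In the example, `spf=none` shows a missing SPF result rather than an SPF domain mismatch, so only `dkim=pass` with `header.d=maliciousdomain.com` against `header.from=contoso.com` illustrates the stated scenario, and `reason=001` is left unexplained at this point.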