When a new email is received in our software, one of the initial processes the system performs is to assess the email's source headers. This assessment serves, among other things, to verify the sender of the email through the use of SPF records. SPF, (Sender Policy Framework) is an email authentication method. It enables the system to verify if an email that claims to have been sent from a specific domain indeed originates from an IP address that is authorized by the administrators of said domain. Authorized senders are listed within the SPF record of the sender's domain. This record specifies the mail servers and domains permitted to send emails on behalf of the sender's domain.
There may be instances where the SPF verification fails. When this occurs, a warning message is displayed above the unverified email to help keep your information safe. The failure of an SPF verification typically signals a phishing or spoofing attempt via email. However, it could also simply indicate a problem with the sender's domain settings.
It is advised not to respond to such unverified emails, especially by sharing sensitive or personal information, clicking any links, or downloading attachments they might contain. If you believe the email is legitimate and requires a reply, it is a good practice to first just inform the email sender that their emails are flagged as unverified. The sender might be this way also able to either confirm or deny whether the intial email was sent by them.