When a new email is received in our software, one of the initial processes the system performs is to assess the email's source headers. This assessment serves, among other things, to verify the sender of the email through the use of SPF records. SPF, (Sender Policy Framework) is an email authentication method. It enables the system to verify if an email that claims to have been sent from a specific domain indeed originates from an IP address that is authorized by the administrators of said domain. Authorized senders are listed within the SPF record of the sender's domain. This record specifies the mail servers and domains permitted to send emails on behalf of the sender's domain.
There are situations when the verification may not succeed. The system examines the Authentication-Results header for dmarc=pass/fail, dkim=pass/fail, and spf=pass/fail values. If any one of these values passes, the authentication process is successful. However, if all these values fail, or if the Authentication-Results header exists but doesn't include dmarc, dkim, and spf records, the verification is unsuccessful. When the Authentication-Results header is missing, the system falls back to the Received-SPF header. If this header's value is anything other than pass, the verification is deemed to have failed. If both these headers are absent, the verification will yet again fail.
When the verification fails, a warning message is displayed above the unverified email to help keep your information safe. The failure of the sender verification typically signals a phishing or spoofing attempt via email. However, it could also simply indicate a problem with the sender's domain settings.
It is advised not to respond to such unverified emails, especially by sharing sensitive or personal information, clicking any links, or downloading attachments they might contain. If you believe the email is legitimate and requires a reply, it is a good practice to first just inform the email sender that their emails are flagged as unverified. The sender might be this way also able to either confirm or deny whether the intial email was sent by them.