Forum Discussion
Gunter Danzeisen
Aug 04, 2022, Brass Contributor
DMARC, DKIM, SPF none but Composite authentication pass
Hi all,
I have an email where DMARC, DKIM and SPF are marked as None, but Composite authentication is still marked as passed. How can this be, since the info on composite authentication says: Combines multiple types of authentication such as SPF, DKIM, DMARC, or any other part of the message to determine whether or not the message is authenticated.
If all three are none, what other part of the message lets the message pass composite authentication?
- jerry1965, Copper Contributor
Composite Authentication is BS. Also, DMARC is only a policy, not an authentication mechanism, and it cannot be enforced-- it is only a request. FROM is not authentication-- that is the whole problem as to why SPF and DKIM were created. Anyone can pick any FROM address from any domain, Google.com, Microsoft.com, anything, if you have your own server.
Only DKIM and SPF authenticate email. Period. Nothing else.
SPF says what servers can send for a given domain, and DKIM digitally signs it for the domain, proving it is authentic and untampered.
This is why they are important. Anything else is easily faked.
- Sruthyy, Copper Contributor
If you haven't configured SPF, DKIM, and DMARC for your domain, Microsoft will handle it by applying composite authentication, or compauth, for your domain. But they recommend that we configure these authentication methods manually for each custom domain. Check out what to implement for your domain below.
https://blog.admindroid.com/a-guide-to-spf-dkim-and-dmarc-to-prevent-spoofing/
- ExMSW4319, Steel Contributor
As far as SPF is concerned, a missing or corrupt record is a neutral outcome, not a failure. A lot of genuine senders do not post a record.
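To make the two points above concrete (SPF is a list of hosts allowed to send for a domain, and a domain that publishes no record gets the result "none", which is not a failure), here is an added example that is not code from the thread or from Microsoft: a minimal offline SPF evaluator over a constructed zone table. The domain names, addresses and records are invented for the demonstration; only the ip4, ip6 and all mechanisms are implemented, because include, a, mx and redirect= need live DNS. The result strings are the RFC 7208 names that appear in the spf= token of an Authentication-Results header.

```python
import ipaddress
import re

# Constructed zone data (not real DNS): mail-from domain -> SPF TXT records.
# The evaluator reads from this table so the example runs offline.
ZONE = {
    "example.net": ["v=spf1 ip4:203.0.113.0/24 ip6:2001:db8::/32 -all"],
    "soft.example": ["v=spf1 ip4:198.51.100.7 ~all"],
    "neutral.example": ["v=spf1 ip4:198.51.100.7 ?all"],
    "norecord.example": [],                                            # publishes nothing
    "twice.example": ["v=spf1 -all", "v=spf1 ip4:203.0.113.5 -all"],   # two SPF records
    "unparsable.example": ["v=spf1 ip4:203.0.113.999/24 -all"],        # bad address
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MODIFIER = re.compile(r"^[A-Za-z][\w-]*=")   # redirect=..., exp=..., unknown-modifier=...


def check_spf(sending_ip: str, mail_from_domain: str, zone: dict = ZONE) -> str:
    """Evaluate SPF for one SMTP connection and return the RFC 7208 result name that
    Exchange Online writes into the spf= token of Authentication-Results:
    none, pass, fail, softfail, neutral or permerror.

    Only the ip4, ip6 and all mechanisms are implemented. include, a, mx, exists, ptr
    and redirect= need live DNS and raise NotImplementedError in this offline version.
    """
    records = [r for r in zone.get(mail_from_domain, [])
               if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]
    if not records:
        return "none"        # no SPF record at all: a neutral outcome, not a failure
    if len(records) > 1:
        return "permerror"   # RFC 7208 section 4.5: multiple SPF records is a permanent error
    ip = ipaddress.ip_address(sending_ip)

    for term in records[0].split()[1:]:
        if MODIFIER.match(term):
            if term.lower().startswith("redirect="):
                raise NotImplementedError("redirect= needs DNS")
            continue         # exp= and unknown modifiers are ignored
        qualifier = "+"      # an unqualified mechanism means '+' (pass)
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mechanism, _, argument = term.partition(":")
        mechanism = mechanism.lower()
        if mechanism == "all":
            return QUALIFIERS[qualifier]
        if mechanism in ("ip4", "ip6"):
            try:
                network = ipaddress.ip_network(argument, strict=False)
            except ValueError:
                return "permerror"   # malformed address or prefix length
            if ip.version == network.version and ip in network:
                return QUALIFIERS[qualifier]
            continue
        if mechanism in ("include", "a", "mx", "exists", "ptr"):
            raise NotImplementedError(f"{mechanism} needs DNS")
        return "permerror"           # unknown mechanism name
    return "neutral"                 # record exhausted with no match and no 'all' term


def summarize(sending_ip: str, domains: dict = ZONE) -> dict:
    """SPF verdict for one sending IP against every domain in the zone table."""
    return {domain: check_spf(sending_ip, domain, domains) for domain in domains}


if __name__ == "__main__":
    for domain, verdict in summarize("203.0.113.10").items():
        print(f"{domain:20} {verdict}")
```

Run stand-alone it prints one verdict per constructed domain for a single sending IP. Note the three different outcomes a receiver has to keep apart: "fail" only comes from a record that explicitly excludes the host, "none" means the domain said nothing, and "permerror" means the domain said something the receiver cannot use.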
- EmekaNgene, Brass Contributor
According to MS docs -> If a domain doesn't have traditional SPF, DKIM, and DMARC records, those record checks don't communicate enough authentication status information. Therefore, Microsoft has developed an algorithm for implicit email authentication. This algorithm combines multiple signals into a single value called composite authentication, or compauth for short.
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/email-validation-and-authentication?view=o365-worldwide#composite-authentication
Composite authentication result. Used by Microsoft 365 to combine multiple types of authentication such as SPF, DKIM, DMARC, or any other part of the message to determine whether or not the message is authenticated. Uses the From: domain as the basis of evaluation.
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-spam-message-headers?view=o365-worldwide#authentication-results-message-header-fields
Well, also check the FROM header of the email. I guess MS needs to disclose the other parts of the message. Cheers mate
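As an added example (not code from the thread or from Microsoft), the parser below reads the Authentication-Results header that Exchange Online stamps on inbound mail, in the layout shown on the linked anti-spam-message-headers page, and reports the combination the original poster asks about: spf, dkim and dmarc all "none" while compauth=pass. The sample messages, addresses and IPs are constructed for the demonstration. The mapping of compauth reason-code ranges to pass / softpass / fail is taken from that same linked page and should be checked against the live version; the alignment check is an approximation of DMARC relaxed alignment with no public-suffix list.

```python
import email
import re
from email.utils import parseaddr

# One segment of the Exchange Online header:  method=result [(comment)] key=value ...
SEGMENT = re.compile(r"^\s*(?P<method>[\w-]+)=(?P<result>[\w-]+)\s*"
                     r"(?:\((?P<comment>[^)]*)\))?\s*(?P<rest>.*)$")
PROPERTY = re.compile(r"([\w.-]+)=(\S+)")

# Constructed sample messages (not from the thread). The folded header layout follows the
# Exchange Online format shown on the linked anti-spam-message-headers page.
OP_CASE = """\
Authentication-Results: spf=none (sender IP is 203.0.113.10)
 smtp.mailfrom=example.net; dkim=none (message not signed) header.d=none;
 dmarc=none action=none header.from=example.net;compauth=pass reason=109
From: Alice <alice@example.net>
Subject: constructed sample, all none but compauth pass
"""
IMPLICIT_FAIL = """\
Authentication-Results: spf=none (sender IP is 198.51.100.7)
 smtp.mailfrom=bulk-sender.example; dkim=none (message not signed) header.d=none;
 dmarc=none action=none header.from=example.net;compauth=fail reason=001
From: "Alice" <alice@example.net>
Subject: constructed sample, same three none results but compauth fail
"""
EXPLICIT_PASS = """\
Authentication-Results: spf=pass (sender IP is 203.0.113.10)
 smtp.mailfrom=example.net; dkim=pass (signature was verified) header.d=example.net;
 dmarc=pass action=none header.from=example.net;compauth=pass reason=100
From: alice@example.net
Subject: constructed sample, explicit pass
"""


def parse_authentication_results(value: str) -> dict:
    """Map each method (spf, dkim, dmarc, compauth, ...) to its result, comment and properties.
    Folded lines are collapsed first; a leading RFC 8601 authserv-id (no '=') is skipped."""
    parsed = {}
    for segment in " ".join(value.split()).split(";"):
        m = SEGMENT.match(segment)
        if not m:
            continue
        parsed[m["method"].lower()] = {
            "result": m["result"].lower(),
            "comment": (m["comment"] or "").strip(),
            "props": {k.lower(): v for k, v in PROPERTY.findall(m["rest"])},
        }
    return parsed


def compauth_reason_category(reason: str) -> str:
    """Coarse meaning of the compauth reason code, using the ranges documented on the
    anti-spam-message-headers page linked in the thread (check the live page)."""
    if not reason.isdigit():
        return "unknown"
    if reason in ("000", "001", "002", "010"):
        return "fail"     # DMARC fail / implicit-auth fail / tenant policy / DMARC reject
    return {"1": "pass", "7": "pass", "2": "softpass", "3": "not checked",
            "4": "bypassed", "9": "bypassed", "6": "fail (intra-org)"}.get(reason[0], "unknown")


def assess(raw_message: str) -> dict:
    """Summarise what the Authentication-Results header says about one message."""
    msg = email.message_from_string(raw_message)
    # Exchange Online's own verdict is in 'Authentication-Results'; any upstream copy is
    # renamed 'Authentication-Results-Original', so only the first header is read here.
    ar = parse_authentication_results((msg.get_all("Authentication-Results") or [""])[0])
    explicit = {m: ar.get(m, {}).get("result", "missing") for m in ("spf", "dkim", "dmarc")}
    explicit_pass = "pass" in explicit.values()
    compauth = ar.get("compauth", {})
    reason = compauth.get("props", {}).get("reason", "")
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    mail_from = ar.get("spf", {}).get("props", {}).get("smtp.mailfrom", "").lower()
    header_from = ar.get("dmarc", {}).get("props", {}).get("header.from", "").lower()
    return {
        "explicit": explicit,
        "explicit_pass": explicit_pass,
        "compauth": compauth.get("result", "missing"),
        "reason": reason,
        "reason_category": compauth_reason_category(reason),
        # the OP's situation: nothing explicit passed, yet compauth says pass
        "implicit_only": not explicit_pass and compauth.get("result") == "pass",
        "from_domain": from_domain,
        # compauth/DMARC are evaluated on header.from; it should be the visible From: domain
        "from_matches_header_from": bool(from_domain) and from_domain == header_from,
        # approximation of DMARC relaxed alignment: exact match or subdomain of From:
        "mailfrom_aligned": bool(mail_from) and (mail_from == from_domain
                                                  or mail_from.endswith("." + from_domain)),
    }


if __name__ == "__main__":
    for name, sample in (("OP_CASE", OP_CASE), ("IMPLICIT_FAIL", IMPLICIT_FAIL),
                         ("EXPLICIT_PASS", EXPLICIT_PASS)):
        print(name, assess(sample))
```

On the first sample the parser reports the original poster's situation exactly: all three explicit results are "none", compauth is "pass", and reason 109 falls in the 1xx range, so the pass came from Microsoft's implicit (heuristic) evaluation. The second sample has the same three "none" results but compauth=fail reason=001, which is the point of the contrast: with no SPF, DKIM or DMARC to go on, the header only tells you the verdict and a reason code, not which other signals the implicit algorithm weighed. The From: domain and smtp.mailfrom alignment fields are the parts of the message you can still check yourself.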