DMARC, DKIM, SPF none but Composite authentication pass

Hi all,

I have an email where DMARC, DKIM and SPF are marked as None, but Composite authentication is still marked as passed. How can this be, since the info for composite authentication says: Combines multiple types of authentication such as SPF, DKIM, DMARC, or any other part of the message to determine whether or not the message is authenticated.

If all three are none, what other part of the message lets the message pass composite authentication?

best response confirmed by Gunter Danzeisen (Brass Contributor)
Solution

According to MS docs -> If a domain doesn't have traditional SPF, DKIM, and DMARC records, those record checks don't communicate enough authentication status information. Therefore, Microsoft has developed an algorithm for implicit email authentication. This algorithm combines multiple signals into a single value called composite authentication, or compauth for short.
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/email-validation-and-aut...

Composite authentication result. Used by Microsoft 365 to combine multiple types of authentication such as SPF, DKIM, DMARC, or any other part of the message to determine whether or not the message is authenticated. Uses the From: domain as the basis of evaluation.

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-spam-message-header...

Well, also check the FROM header of the email; I guess MS needs to disclose the other parts of the message.

cheers mate
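To make the situation in this thread concrete, here is an added triage snippet (not code from the original post or from Microsoft) that parses the spf=, dkim=, dmarc= and compauth= verdicts out of an Authentication-Results header and flags the case where compauth passes without any explicit check passing. The two header strings are constructed samples modelled on the Microsoft 365 format; the domains, IPs and reason codes in them are illustrative only.

```python
import re
from typing import Dict

# Constructed sample: SPF, DKIM and DMARC all "none", yet compauth=pass,
# which is the situation asked about in the thread.
SAMPLE_IMPLICIT_PASS = (
    "Authentication-Results: spf=none (sender IP is 203.0.113.10) "
    "smtp.mailfrom=example.net; dkim=none (message not signed) "
    "header.d=none;dmarc=none action=none header.from=example.net;"
    "compauth=pass reason=100"
)

# Constructed contrast sample: explicit checks fail and compauth fails too.
SAMPLE_EXPLICIT_FAIL = (
    "Authentication-Results: spf=fail (sender IP is 198.51.100.7) "
    "smtp.mailfrom=example.net; dkim=none (message not signed) "
    "header.d=none;dmarc=fail action=oreject header.from=example.net;"
    "compauth=fail reason=000"
)

# Only the four verdict keywords; "smtp.mailfrom=" and "header.from=" do
# not match because of the word boundary before the keyword.
_FIELD_RE = re.compile(r"\b(spf|dkim|dmarc|compauth)=([a-z]+)")
_REASON_RE = re.compile(r"\breason=(\d+)")


def parse_auth_results(header: str) -> Dict[str, str]:
    """Return the SPF/DKIM/DMARC/compauth verdicts plus the compauth reason code."""
    results = {m.group(1): m.group(2) for m in _FIELD_RE.finditer(header)}
    reason = _REASON_RE.search(header)
    if reason:
        results["reason"] = reason.group(1)
    return results


def classify(header: str) -> str:
    """Triage label: 'implicit-pass' means compauth passed although no explicit
    check did, so the verdict rests on Microsoft's implicit authentication, not
    on records the sending domain published. 'explicit-pass' means at least one
    of SPF/DKIM/DMARC passed as well."""
    r = parse_auth_results(header)
    explicit_passed = any(r.get(k) == "pass" for k in ("spf", "dkim", "dmarc"))
    compauth = r.get("compauth", "none")
    if compauth == "pass":
        return "explicit-pass" if explicit_passed else "implicit-pass"
    if compauth in ("fail", "softpass"):
        return compauth
    return "unknown"
```

An "implicit-pass" message is not spoofed by definition, but it is weaker evidence than a DMARC pass; the remedy for your own domains is the one the replies give, publishing SPF, DKIM and DMARC records.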

As far as SPF is concerned, a missing or corrupt record is a neutral outcome, not a failure. A lot of genuine senders do not post a record.
If you haven't configured SPF, DKIM and DMARC for your domain, Microsoft will handle it by applying composite authentication, or compauth, to your domain. But they recommend configuring these authentication methods manually for each custom domain. Check out what to implement for your domain below.
https://blog.admindroid.com/a-guide-to-spf-dkim-and-dmarc-to-prevent-spoofing/