Aug 04 2022 03:32 AM
Hi all,
I have an email where DMARC, DKIM, and SPF are marked as None, but Composite authentication is still marked as passed. How can this be, since the info on composite authentication says: Combines multiple types of authentication such as SPF, DKIM, DMARC, or any other part of the message to determine whether or not the message is authenticated.
If all three are none, what other part of the message lets the message pass composite authentication?
Aug 04 2022 05:10 AM - edited Aug 04 2022 05:14 AM
Solution
According to MS docs -> If a domain doesn't have traditional SPF, DKIM, and DMARC records, those record checks don't communicate enough authentication status information. Therefore, Microsoft has developed an algorithm for implicit email authentication. This algorithm combines multiple signals into a single value called composite authentication, or compauth for short.
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/email-validation-and-aut...
Composite authentication result. Used by Microsoft 365 to combine multiple types of authentication such as SPF, DKIM, DMARC, or any other part of the message to determine whether or not the message is authenticated. Uses the From: domain as the basis of evaluation.
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-spam-message-header...
Well, also check the FROM header of the email. I guess MS needs to disclose the other parts of the message.
cheers mate
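
For triage, the case discussed in this thread (SPF, DKIM and DMARC all `none` while `compauth=pass`) can be flagged straight from the `Authentication-Results` header. The following is an added example, not part of the original posts or of Microsoft's documentation; the sample headers, the `example.com` domain, the `reason` values and the verdict labels are constructed for illustration.

```python
import re

# Constructed sample headers (placeholders, not taken from the thread).
IMPLICIT = (
    "Authentication-Results: spf=none (sender IP is 192.0.2.10) "
    "smtp.mailfrom=example.com; dkim=none (message not signed) "
    "header.d=none; dmarc=none action=none header.from=example.com; "
    "compauth=pass reason=109"
)
SIGNED = IMPLICIT.replace("dkim=none (message not signed) header.d=none",
                          "dkim=pass (signature was verified) header.d=example.com")
FAILED = IMPLICIT.replace("compauth=pass reason=109", "compauth=fail reason=001")


def parse_auth_results(header):
    """Return {method: {"result": ..., <property>: ...}} for one header."""
    if header.lower().startswith("authentication-results:"):
        header = header.split(":", 1)[1]
    value = re.sub(r"\([^)]*\)", " ", header)   # drop parenthesised comments
    value = re.sub(r"\s+", " ", value)          # unfold continuation lines
    parsed = {}
    for clause in value.split(";"):
        pairs = re.findall(r"([\w.-]+)=([^\s;]+)", clause)
        if not pairs:
            continue                            # clause with no key=value pair
        (method, result), props = pairs[0], pairs[1:]
        parsed[method.lower()] = {"result": result.lower(), **dict(props)}
    return parsed


def classify(header):
    """Label a message by how its compauth result relates to SPF/DKIM/DMARC."""
    r = parse_auth_results(header)
    explicit = {m: r.get(m, {}).get("result", "missing")
                for m in ("spf", "dkim", "dmarc")}
    compauth = r.get("compauth", {})
    result = compauth.get("result", "missing")
    if result == "pass" and "pass" not in explicit.values():
        verdict = "implicit-pass"   # the situation asked about in this thread
    elif result == "pass":
        verdict = "pass"
    else:
        verdict = "compauth-" + result
    return {"verdict": verdict, "explicit": explicit,
            "reason": compauth.get("reason"),
            "from_domain": r.get("dmarc", {}).get("header.from")}


if __name__ == "__main__":
    for name, hdr in (("implicit", IMPLICIT), ("signed", SIGNED), ("failed", FAILED)):
        print(name, classify(hdr))
```

Messages labelled `implicit-pass` are the ones where the sending domain published nothing to verify against, so the `from_domain` value is worth reviewing before trusting the pass.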