DKIM & SPF Warnings

E-mail Security


SIRKit implements sender verification checks for our clients to help reduce the number of fake (also known as spoofed) messages. These checks give our clients additional ways to verify whether an incoming message is legitimate.

DKIM-SPF Warning


Things to know

  • SPF failures are less common; proceed with extreme caution
  • DKIM failures are more common; proceed with moderate caution
  • Contact the sender to verify the message's legitimacy (especially if attachments or links are contained in the message)
  • If either check fails on incoming e-mail, we recommend you inform the sender and ask them to have their IT department investigate the cause
  • The sending party is responsible for their own e-mail security and compliance

Failed DKIM Check

This means the sender is either not using DKIM verification or the message has failed the check. DKIM verification involves checking a cryptographic signature that is embedded into each message to verify whether the message originated from an authorized service.

Scenarios/Examples

  • The sender uses Office365 for their e-mail service and the incoming e-mail passes DKIM checks. This means the message originated from Microsoft (or another authorized service). 
  • The sender uses Gmail for their e-mail service and the incoming e-mail fails DKIM checks. This means the message did not originate from Google or an authorized service. Because Google is large and takes compliance and security seriously, it would be abnormal to see a DKIM failure.  
  • The sender uses a small e-mail service and the incoming e-mail fails DKIM checks. The failure could be because the message was not sent from an authorized service or the e-mail service simply doesn't support DKIM yet. 

Whatever the case, if DKIM fails, proceed with caution. 

Failed SPF Check

This means the party sending the e-mail to you is either not using SPF verification or has failed it. SPF verification is the process of verifying whether the incoming e-mail was sent from an authorized service (using a different methodology than DKIM). Unlike DKIM, SPF does not use cryptography; it is a simple list of IP addresses and services that are permitted to send on the company's behalf.

Scenarios/Examples

  • The sender uses Office365 for their e-mail service and the incoming e-mail passes SPF checks. This means the message originated from Microsoft (or another authorized service). 
  • The sender uses Gmail for their e-mail service and the incoming e-mail fails SPF checks. This means the message did not originate from an authorized service. 
  • The sender uses a smaller e-mail service and the incoming e-mail fails SPF checks. The failure could be because the message was not sent from an authorized service or the e-mail service simply doesn't support SPF yet. 
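As an added illustration (not SIRKit's own code), the sketch below reads the `Authentication-Results` header that a receiving mail gateway stamps on a message and maps the recorded SPF and DKIM results to the caution levels listed under "Things to know". The gateway name `mx.example.net`, the function names and the sample message are assumptions constructed for this example.

```python
import re
from email import message_from_string

# Constructed sample message (not from the page); header syntax per RFC 8601.
SAMPLE = (
    "Authentication-Results: mx.example.net;\n"
    " spf=pass smtp.mailfrom=billing@example.com;\n"
    " dkim=fail (signature did not verify) header.d=example.com\n"
    "From: Billing <billing@example.com>\n"
    "Subject: Invoice\n"
    "\n"
    "See attached.\n"
)

def auth_results(raw_message, trusted_id):
    """Return the SPF and DKIM results recorded by our own mail gateway."""
    results = {"spf": "none", "dkim": "none"}  # "none" = no check recorded
    msg = message_from_string(raw_message)
    for header in msg.get_all("Authentication-Results", []):
        value = re.sub(r"\([^)]*\)", " ", str(header))  # strip (comments)
        authserv, _, rest = value.partition(";")
        # Only trust headers stamped by our gateway; anyone can add others.
        if authserv.lower().split()[:1] != [trusted_id.lower()]:
            continue
        for part in rest.split(";"):
            m = re.match(r"\s*(spf|dkim)\s*=\s*([a-z]+)", part, re.I)
            # A message may carry several DKIM signatures; one pass is enough.
            if m and results[m.group(1).lower()] != "pass":
                results[m.group(1).lower()] = m.group(2).lower()
    return results

def caution_level(results):
    """Apply the page's guidance; any result other than 'pass' counts as failed."""
    if results["spf"] != "pass":
        return "extreme"    # SPF failures are less common
    if results["dkim"] != "pass":
        return "moderate"   # DKIM failures are more common
    return "normal"

if __name__ == "__main__":
    print(caution_level(auth_results(SAMPLE, "mx.example.net")))
```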



© 2018 Sirkit. All Rights Reserved.