What are Unidentified Senders?
Unidentified senders, in essence, are emails sent on behalf of a domain, that based on the DMARC aggregate reports data, do not appear to originate from either identifiable servers or recognizable services.
The unidentified sender's section can be found on the authentication report page and it is split into three tabs Unidentified IPs, Known forwarders, and Possible Senders:
โ
These are the most common reasons a sender may appear here:
The message may have been transmitted in a way that makes it impossible to conclusively determine its origin. For example, an email sent through multiple mailing lists. These unidentified senders are found classified under the Known Forwarders tab.
The sender may be a commercial service that is not yet in our catalog. These unidentified senders are found classified under the Unidentified IPs tab.
The sender may have a bug on their side; for example, they may use your domain in the headers of their emails with no malicious intent.
The Valimail platform sees no trace that these senders have any kind of email authentication configured to send on behalf of that domain. These unidentified senders are found classified under the Possible Senders tab.
The most likely scenario is that the sender may be fraudulent, deliberately spoofing your organization's domain. If you are not at DMARC enforcement, these unidentified, fraudulent senders are able to spoof your domain and exploit others by impersonating you and your business. These unidentified senders are found classified under the Unidentified IPs tab.
What should I do with them?
If you are enforcing DMARC with a policy of quarantine or reject, unidentified senders are generally not worth worrying about. Once you get every trusted sender authenticating, you can turn on a strong enforcement policy (such as "reject") and these unidentified senders will no longer be able to deliver email.
We recommend you look into the unidentified senders to see if you can recognize any of your legitimate servers, so you can get them configured for DMARC authentication. Any IP that you do not recognize from the Unidentified Senders, you can also treat as a potential spoofing attempt, moving forward.
As always, if you have any questions, please don't hesitate to submit a ticket.