What are Unidentified Senders?

Unidentified senders do not appear to originate from either identified servers or recognized services. There are a few reasons a sender may appear here

  • The message may have been transmitted in a way that makes it impossible to conclusively determine its origin
  • The sender may be a commercial service that is not yet in our catalog
  • The sender may have a bug on their side; for example, they may use your domain in the headers of their emails with no malicious intent
  • The most likely scenario is that the sender may be fraudulent, deliberately spoofing your organization's domain. If you are not at DMARC enforcement, these unidentified, fraudulent senders are able to spoof your domain and exploit others by impersonating you and your business

What Should I Do with Them?

If you are enforcing DMARC with a policy of quarantine or reject, unidentified senders are generally not worth worrying about. Once you get every trusted sender authenticating, you can turn on a strong enforcement policy (such as "reject") and these unidentified senders will no longer be able to deliver email.

We recommend you look into the unidentified senders to see if you can recognize any of your legitimate servers, so you can get them authenticating.

Click on an unidentified sender to get a detail page with more information.

The detail page shows the sender's IP address and some derivative information including PTR record (if there is a value) and country of origin.

You can also see full reporting detail, as with a normal sender. Learn more about how to read these reports.

The app will not support any unidentified sender passing SPF or DKIM, so you can think of all Unidentified Senders as Denied senders.

Recognizing a Sender you Want to Approve

If you find a sender that you trust, you can simply click 'Approve This Sender' and add them as an approved internal sender.