Authentication History is part of the Authentication check that OnINBOX  runs on every inbound email before it arrives in your mailbox (alongside Content and Trust). Authentication will still verify if the sender has DMARC, DKIM and SPF in place, but it will  also check against a historic set of results (21 days) to strengthen its ability to spot a spoof email or if a domain is just poorly configured. 

If a domain consistently fails for 21 days the ‘A’ indicator will be amber

In this scenario there’s a high chance that the domain has not been configured correctly as all emails within a 21 day period have failed authentication. It may not be a threat, but you should proceed with caution because the domain is still vulnerable to spoofing attacks. 

If a domain passes one or more times in 21 days and then an email fails, we’ll flag it as red

For an email that fails Authentication when there is any history of the domain passing Authentication over the last 21 days we will show a full red fail for ‘A’.’ This is because if previous emails have passed Authentication, emails that then don’t pass from the same domain have a high probability that someone is impersonating them by spoofing their email address with the aim of fooling the recipient. 

Remember, end users in Minimal mode will only be shown the A C T indicators inside the email itself if there is a fail, so in the scenario where a domain has consistently failed authentication over a 21 day period they will not see the amber warning. 

Authentication History is turned on by default. Administrators who want a higher level of alerting (and flag all emails that don’t authenticate as full red ‘fails’ instead of amber ‘wantings’), can turn Authentication History off for all users via the Settings panel in OnINBOX manager.

The best way to secure your organization from spoof emails is to ensure your supply chain has correctly configured their domain with DMARC to block any impersonation attempts. Ask them to test their domain today using our free domain checker tool https://tools.redsift.com/sift/investigate

Did this answer your question?