What is Threat/Unknown

What do entries in Threat/Unknown indicate?


  1. legitimate senders with bad authentication, from sending sources we do not have static listings for. For those new to DMARC, it's important to look for entries like this, and work with the sender to remediate and set up proper authentication.
  2. fraudulent message delivery attempts (this is the most common - nothing you can do to stop these attempts, but once you publish DMARC reject, participating receivers will no longer accept that email.  You can always check our public recent-reporters list to see who participates. https://us.dmarcian.com/dmarc-data-providers/ )
    • Often the largest set of fraudulent entries are ones within the "Misconfigured Server" grouping. This is a set of entries where the reported sending IP address's DNS resolution is misconfigured or not present. No legitimate sending environment is expected to have this problem.
  3. legitimate forwarding thru relays, similar to (1) - the best (only) solution you can provide for this is to make certain that all of your sources are sending with correct DKIM signing.

Related Articles