Fraud Detection Checks

When you receive an email, you may see a message like this:

 This sender failed our fraud detection checks and may not be who they appear to be.  Learn about spoofing

This message shows up because of something called SPF (Sender Policy Framework). SPF lets email providers define which systems/servers are allowed to send messages under a certain domain name. At New Paltz specifically, we define which mail servers can send messages with an @newpaltz.edu or @hawkmail.newpaltz.edu from address.

 

If you are noticing this on a message you sent

If you see this message/warning on a message you sent, it is almost certainly on a message from a mailing list.  This happens as follows:

  • You send your message from your @newpaltz.edu email address to a mailing list.
  • If that mailing list is misconfigured, it will send your message to all members on that list, but leave your @newpaltz.edu address as the from address.
  • This leads to mail coming to Office 365 with an @newpaltz.edu from address, but originating from a source (the mailing list server) that we have not authorized to send mail from @newpaltz.edu addresses.

What can be done about this? Unfortunately, we at New Paltz cannot fix this, as the issue lies with how the mailing list server is set up. A mailing list server should send messages with a "From" address of the mailing list itself, and note that the message was sent "On Behalf of" the actual sender. See the example below:
    

The SUNY New Paltz email list system is properly configured to send messages and uses the "on behalf of" section to indicate the actual sender of the message. Not all mailing lists are set up this way.

Bottom line: If you see this message on a message you actually sent, you can just ignore it. The only way of preventing this is to have the people who run the mail server change their setup (to include DKIM signing or a similar technique).

 

If you are noticing this on a message you received

If the message is from a mailing list not run by SUNY New Paltz, you may see this message, especially when you see a post on the list from someone else at SUNY New Paltz. This only occurs if the sending mail server is not set up properly to handle SPF.

At the very least, the warning should raise a red flag, especially before opening any attachments or clicking any links in the message.

If you notice this on a non-mailing list message and are concerned about whether the message is authentic, contact ITS.

 

Special Case

If you are seeing this on mail sent by an external service provider on behalf of you or your department, then IT can assist.

We will have to have your mail sent by this external service provider from a different email domain (for example, something specific like @yourdepartment.newpaltz.edu or generic like @email.newpaltz.edu). Note: this is because we are unable to add any additional service providers to the @newpaltz.edu domain SPF record, as that record is full.

We would then add the service provider's sending server info to the SPF record for the subdomain.
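
The mailing list failure and the subdomain fix described above can be reproduced with a small SPF evaluator. This is an added example, not New Paltz's configuration: the SPF records, IP ranges (documentation ranges) and addresses are constructed, and only the ip4/ip6/all mechanisms are evaluated.

```python
import ipaddress

# Constructed SPF records using documentation IP ranges (not real DNS data).
SPF_RECORDS = {
    "newpaltz.edu": "v=spf1 ip4:192.0.2.0/24 -all",             # campus mail servers
    "email.newpaltz.edu": "v=spf1 ip4:203.0.113.16/28 -all",    # external provider
    "lists.example.org": "v=spf1 ip4:198.51.100.0/24 -all",     # outside mailing list
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(sender, client_ip, records=SPF_RECORDS):
    """Return the SPF result for mail claiming `sender`, delivered from `client_ip`.

    `sender` is the address whose domain the receiver evaluates SPF for
    (the SMTP envelope sender).
    """
    domain = sender.rsplit("@", 1)[-1].lower()
    record = records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # domain publishes no SPF policy
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        # include/a/mx/redirect need DNS lookups; skipped in this offline sketch
    return "neutral"  # nothing matched and the record has no "all" term


if __name__ == "__main__":
    cases = [
        ("someone@newpaltz.edu", "192.0.2.25"),       # sent from a campus server
        ("someone@newpaltz.edu", "198.51.100.7"),     # misconfigured list keeps sender
        ("list@lists.example.org", "198.51.100.7"),   # list sends as itself
        ("dept@newpaltz.edu", "203.0.113.20"),        # provider using main domain
        ("dept@email.newpaltz.edu", "203.0.113.20"),  # provider using the subdomain
    ]
    for sender, ip in cases:
        print(f"{sender:28} from {ip:15} -> {spf_check(sender, ip)}")
```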

Details

Article ID: 31073
Created: Thu 6/1/17 11:30 AM
Modified: Thu 8/3/17 10:12 AM