Sender status

Sender status and its meaning

When you should set a sender to "Ignored"

What effects does the sender status "Ignored" have?

When you should not use the "Ignored" status

Sender status and its meaning

Unter DMARC-Berichte und auf der Registerkarte Allgemein können Sie den Status eines Absenders einsehen.

In SPF record

The sender status In SPF record means that the sender IP address is contained in the SPF record of the domain for which the emails were sent. The sender is thus authorised and classified as known.

Partially in SPF record

The status Partial in SPF record only occurs in rare cases. It can occur with services where only some of the IP addresses used are contained in the SPF entry, while other IPs of the same service are missing. In such cases, a closer examination of the service and the SPF entry is required.

Not in SPF record

Not in SPF record indicates that the sender IP address is not included in the SPF record of the domain and is therefore not authorised to send emails. This may be a new, previously unknown sender, a forwarder or a potential spammer. This status always requires verification.

Ignored

The Ignored status indicates sender IP addresses that are not included in the SPF entry and have been deliberately categorised as non-critical by the user. These senders are not considered valid senders, but are accepted and not monitored further. In practice, these are mostly forwarding services.

When you should set a sender to "Ignored"

Set the status of a sender to Ignored if one or more of the following conditions apply:

  • The sender appears repeatedly in the DMARC reports.

  • The sender is clearly not a legitimate sending system of your company.

  • The sender IP address belongs to a known forwarding or relay service.

  • There is no security risk from this sender.

  • There is no need to include the sender in future analyses or alerts.

What effects does the sender status "Ignored" have?

A sender set to Ignored is treated separately in the system so that you have additional options for analysing it:

  • You can filter DMARC reports by sender status so that you can optionally hide ignored senders.

  • You can recognise new or previously unknown senders more quickly, as ignored senders are visualised differently in the overview.

NOTE: Alerts do not take ignored senders into account by default. This means that no warnings are triggered for senders that are already known and deliberately ignored. This setting can be adjusted if necessary to include ignored senders in alerts.

When you should not use the "Ignored" status

  • For new or only sporadically appearing senders.

  • If it is unclear whether the sender should be authorised in the future.

  • If SPF, DKIM or DMARC errors cannot be explained.

  • If a security-relevant risk (e.g. spoofing) cannot be ruled out.