Legitimacy & Risk Signals
Understanding green flags and red flags
Legitimacy Indicators (Green Flags)
- High Auth Rate (>95%) - Reliable, authenticated senders
- Stable Senders (>30d) - Established, predictable sources
- Known Services - Verified providers like Gmail, Microsoft, SendGrid
- DKIM Aligned - Cryptographically verified sender
Risk Signals (Red Flags)
- Auth Failures (>20%) - Fix authentication or reject
- Volume Spikes (>200%) - Investigate for compromise
- Zero Authentication - Reject immediately
- Unknown IP Ranges - Residential or suspicious networks
Important
Sources with zero authentication should be rejected immediately - they are almost certainly spam or spoofing attempts.
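
The thresholds above applied to per-source counts, as an added example that is not part of the original page. It assumes the input is a DMARC aggregate report (RFC 7489 layout), that "authenticated" means an aligned SPF or DKIM pass, that ">200%" means growth over a baseline volume, and that the baseline and days-seen history (hypothetical inputs) are tracked separately; the Known Services and Unknown IP Ranges checks need external data and are left out.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

ROW = ("<record><row><source_ip>{}</source_ip><count>{}</count><policy_evaluated>"
       "<dkim>{}</dkim><spf>{}</spf></policy_evaluated></row></record>")
# Constructed sample data: report rows in the DMARC aggregate (RFC 7489) layout,
# plus hypothetical per-source history that a real tool would keep itself.
SAMPLE_REPORT = "<feedback>" + "".join(ROW.format(*r) for r in [
    ("192.0.2.10", 980, "pass", "pass"), ("192.0.2.10", 20, "fail", "fail"),
    ("198.51.100.7", 400, "fail", "fail"),
    ("203.0.113.5", 700, "fail", "pass"), ("203.0.113.5", 300, "fail", "fail"),
]) + "</feedback>"
SAMPLE_BASELINE = {"192.0.2.10": 900, "198.51.100.7": 100, "203.0.113.5": 950}
SAMPLE_DAYS_SEEN = {"192.0.2.10": 120, "198.51.100.7": 2, "203.0.113.5": 45}

def classify_sources(report_xml, baseline_volume, days_seen):
    """Map each source IP to the sorted list of flags it triggers."""
    total, authed, dkim_ok = defaultdict(int), defaultdict(int), defaultdict(int)
    # Reports arrive from third parties: parse real ones with a hardened XML parser.
    for row in ET.fromstring(report_xml).iter("row"):
        ip, n = row.findtext("source_ip"), int(row.findtext("count"))
        dkim = row.findtext("policy_evaluated/dkim") == "pass"
        spf = row.findtext("policy_evaluated/spf") == "pass"
        total[ip] += n
        authed[ip] += n if (dkim or spf) else 0  # assumption: aligned SPF or DKIM pass
        dkim_ok[ip] += n if dkim else 0
    result = {}
    for ip, n in total.items():
        if n == 0:
            continue  # no messages counted, nothing to rate
        flags = set()
        if authed[ip] / n > 0.95:
            flags.add("green:high_auth_rate")
        if days_seen.get(ip, 0) > 30:
            flags.add("green:stable_sender")
        # Assumption: "DKIM aligned" = all authenticated mail passed via aligned DKIM.
        if authed[ip] and dkim_ok[ip] == authed[ip]:
            flags.add("green:dkim_aligned")
        if (n - authed[ip]) / n > 0.20:
            flags.add("red:auth_failures")
        if authed[ip] == 0:
            flags.add("red:zero_authentication")
        # Assumption: ">200%" = growth over the baseline volume (more than triple it).
        base = baseline_volume.get(ip)
        if base and (n - base) / base > 2.0:
            flags.add("red:volume_spike")
        result[ip] = sorted(flags)
    return result
```

A source can carry both kinds of flag at once: in the sample, 203.0.113.5 is a stable sender whose failure rate still exceeds 20%.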