The main email sender verification mechanisms in use today are SPF, DMARC, and DKIM. If an organization does not implement them, it exposes itself to significant risks. This gives cybercriminals the opportunity to send fraudulent messages, allowing them to impersonate any sender within the organization’s domain. For this reason, some email providers treat incoming emails from domains that do not use these mechanisms as spam.
Our email systems check the aforementioned mechanisms. If the sender's servers do not have these mechanisms configured or if the configuration is incorrect, we treat such emails as spam.
If you are experiencing issues with delivering emails to us, please visit https://www.cloudflare.com/learning/email-security/dmarc-dkim-spf/. There, you will find information on how to configure email sender verification mechanisms: SPF, DMARC, and DKIM.