Summary
Avanan's presence in DMARC reports is often due to it processing outbound emails as a security solution. The issue typically arises when Avanan isn't properly integrated into your email flow or isn't correctly authenticating emails. Correct integration includes verifying that Avanan is authorized in your SPF record (including their IPs), and signing emails with DKIM and ensuring proper DMARC alignment (SPF or DKIM needs to pass with alignment of the 'From' header). Conflicts can occur when using Avanan alongside existing email security solutions if not properly set up. It's recommended to regularly review DMARC reports, use DMARC reporting tools to monitor sending sources, and check Avanan's email reputation and deliverability. Also confirm with the finance department if Avanan has been purchased or is being used on a trial basis, as it may be 'shadow IT'.
Key findings
- Avanan as Sender: Avanan shows up because it's processing your outbound email.
- SPF & DKIM Alignment: Proper SPF and DKIM configuration are essential for DMARC to pass. Ensure 'From' header alignment.
- Authorization: Avanan's servers/IPs must be authorized in your SPF record.
- Conflict with other solutions: Using Avanan with other security solutions can cause conflicts if not configured correctly.
- Reporting & Monitoring: Regularly reviewing DMARC reports is crucial for identifying issues.
- Finance Department: Confirm with the finance department that there is a business account with Avanan.
Key considerations
- SPF Record: Verify that Avanan's IP addresses or domain is included in your SPF record.
- DKIM Setup: Ensure Avanan signs emails with a valid and aligned DKIM signature.
- DMARC Reports: Use DMARC reporting tools to identify the source of DMARC failures.
- Email Reputation: Check Avanan's email reputation if deliverability issues are suspected.
- Solution Integration: Make sure Avanan is properly integrated into your email flow.
- DNS Publishing: Ensure that the SPF record is correctly published in your DNS settings.
What email marketers say
13 marketer opinions
Avanan showing up in DMARC reports is often due to it processing outbound emails as a security solution. This is not necessarily an error, but a reflection of its role. Issues arise if Avanan is not properly integrated into your email flow or correctly authenticating emails. This includes verifying that Avanan is authorized in your SPF record, signing emails with DKIM, and ensuring DMARC alignment. Conflicts can also occur when using Avanan alongside existing email security solutions. Regularly reviewing DMARC reports and using DMARC reporting tools helps to monitor sending sources and catch any unauthorized activity. Checking Avanan's email reputation and deliverability is also recommended.
Key opinions
- Avanan's Role: Avanan processes outbound emails for security, so its presence in DMARC reports is normal.
- Authentication: Proper SPF and DKIM configuration for Avanan is essential to prevent DMARC failures.
- DMARC Alignment: DMARC requires either SPF or DKIM to pass, and the domain in the 'From:' header must match the authenticating domain.
- Multiple Solutions: Using Avanan alongside other security solutions can cause conflicts if not properly integrated.
- DMARC Monitoring: Regularly reviewing DMARC reports helps to identify unauthorized sending sources.
Key considerations
- Verify SPF Record: Ensure that Avanan's IP addresses or domain is included in your SPF record.
- Check DKIM Signature: Confirm that Avanan is signing emails with a valid and aligned DKIM signature.
- Review DMARC Reports: Use DMARC reporting tools to identify the source of DMARC failures and monitor sending activity.
- Evaluate Email Reputation: If you suspect Avanan is causing deliverability issues, check its email reputation.
- Check Integration: Ensure that Avanan is correctly integrated into your email flow without conflicts.
- Financial Records: Check financial records, especially PO/invoice details, to confirm that the client acknowledges using Avanan
Marketer view
Email marketer from EmailSecurityFAQ shares that using multiple email security solutions like Avanan alongside existing ones can sometimes cause conflicts. Make sure that Avanan is correctly integrated into your email flow and properly authenticating emails to prevent DMARC issues.
18 Nov 2022 - EmailSecurityFAQ
Marketer view
Email marketer from EasyDMARC advises regularly reviewing your DMARC reports to catch any unauthorized sending sources. If you see Avanan or other unexpected sources, investigate and update your SPF/DKIM records accordingly.
29 Mar 2024 - EasyDMARC
What the experts say
1 expert opinions
If Avanan is legitimately sending mail on your behalf, its servers and IPs need to be authorized in your SPF record to ensure SPF passes. Correct DKIM configuration is also advised if DKIM is being used.
Key opinions
- SPF Authorization: Avanan's servers and IPs must be authorized in your SPF record if it sends mail on your behalf.
- DKIM Configuration: Verify correct DKIM configuration if DKIM is being used with Avanan.
Key considerations
- SPF Verification: Verify that the SPF record includes Avanan's designated mechanisms.
- DKIM Verification: Verify the correctness of the DKIM configuration with Avanan.
Expert view
Expert from Spam Resource (John Levine) explains that if Avanan is legitimately sending mail on your behalf, its servers and IPs need to be authorized in your SPF record. He suggests verifying that the SPF record includes Avanan's designated mechanisms to ensure SPF passes, and advising to also verify that the DKIM configuration is correct if being used.
2 Jul 2024 - Spam Resource
What the documentation says
4 technical articles
DMARC failures occur when the 'From' domain doesn't align with the authenticating domain (SPF or DKIM). For Avanan, ensure it's authorized in your SPF record using 'include:' mechanisms and that DKIM signatures align with the 'From' header. Improper forwarding or modification of the 'From' header without correct SPF/DKIM configuration can lead to DMARC failures. Proper DNS publication of SPF records is critical.
Key findings
- DMARC Alignment: DMARC requires alignment between the 'From' domain and the domain used for authentication (SPF/DKIM).
- SPF Authorization: Third-party senders like Avanan need to be explicitly authorized in your SPF record.
- DKIM Alignment: DKIM signatures must align with the domain in the 'From' header for DMARC to pass.
- Forwarding Issues: Improper email forwarding or 'From' header modifications can cause DMARC failures.
Key considerations
- SPF Configuration: Include Avanan's IP addresses or domain using 'include:' mechanisms in your SPF record.
- DKIM Verification: Ensure that DKIM signatures are valid and properly configured for your domain.
- Header Integrity: Avoid modifying the 'From' header during email forwarding without proper authentication.
- DNS Publication: Ensure that the SPF record is correctly published in your DNS settings.
Technical article
Documentation from Microsoft explains that DMARC failures occur when the 'from' domain in an email doesn't align with the domain used to authenticate the email (SPF or DKIM). If Avanan is forwarding emails it may be altering the 'from' address or other headers leading to DMARC failures, and should be configured correctly.
9 Jul 2021 - Microsoft
Technical article
Documentation from DMARC Analyzer explains that DMARC alignment requires either SPF or DKIM to pass, and for the domain in the 'From:' header to match the domain used for authentication. If Avanan is forwarding emails and modifying the 'From:' header without proper SPF/DKIM configuration, DMARC will fail.
8 Jun 2025 - DMARC Analyzer
Can I use DMARC with shared IP addresses?
Do Yahoo and Gmail require DMARC authentication for senders?
How can DMARC reports be enriched with user-level data for better domain enforcement?
How can I ensure email compliance with Yahoo/Google rules including DMARC, SPF, and FcrDNS?
How do I properly set up DMARC records and reporting for email authentication?
How do I troubleshoot DMARC failures and potential DKIM replay attacks affecting email deliverability?
