Authentication checks verify that an email originates from where it claims to come from. You can set up banners that appear in end users' messages to help them decide whether messages are genuine.
Message Authentication uses DMARC, SPF, and DKIM. The DMARC check depends on the SPF and DKIM checks. DMARC can only be evaluated if the sender has a valid DMARC record in DNS and supports SPF or DKIM checking. You can select actions to take if messages fail each check.
Sender check uses Header anomaly and Domain anomaly. Header anomaly detects messages sent from your domain but originating from an external domain. Domain anomaly detects messages sent from a domain without an MX record or an A record.
See Sender check.
End-user message settings
When you turn on End-user message settings, a banner is displayed at the top of inbound HTML email messages to show whether the email is trusted. You can customize the banners and choose the action your users can take when receiving messages.