DNS
Dutch Operator Invoice Lost: SPF DMARC Failure Explained
By Steven | TrustYourWebsite2 min read
Source: Ius Mentis
A Dutch network operator reportedly failed to deliver an invoice to a customer because its email system was not properly configured to authenticate outgoing messages. According to the blog Ius Mentis, the operator's invoicing emails were silently discarded by the recipient's mail server, and a paper copy sent by post also never arrived.
What happened?
According to Ius Mentis, the network operator sent invoice emails from a mail server that was not listed in its own SPF configuration. SPF (Sender Policy Framework) is a setting in your domain's DNS that tells the world which mail servers are allowed to send email on your behalf. When an email arrives from a server that is not on that list, the receiving server checks the domain's DMARC policy (defined in RFC 7489) to decide what to do. In this case, the policy apparently instructed receiving servers to discard the message entirely, with no notification to the sender.
The result: the invoice was never received. Not once, but reportedly on multiple attempts, including to a second email address hosted on a major cloud platform.
Why does this matter legally?
The blog author at Ius Mentis argues that because the sender's own configuration caused the emails to be rejected, the invoice should be treated as never having been sent. If that reasoning holds, collection costs would not yet be justified, since no valid invoice was actually delivered to the recipient.
This is a practical point worth noting. If your business sends invoices, payment reminders or other important documents by email, and your email authentication settings are broken, you may not be able to prove that a message was ever delivered.
What does this mean for your website?
If your website or business sends emails, including invoices, order confirmations or contact form replies, those messages depend on correct SPF and DMARC settings to reach their destination. A misconfiguration can cause your emails to be silently dropped, with no error message and no way for you to know. You can check whether your domain's email authentication is set up correctly by reviewing our security checklist for small businesses.
Source: Ius Mentis (7 May 2026). Note: this report is based on a secondary blog post summarising a Reddit account. No regulatory authority is involved and the network operator is not named.
Check your website now
Free website scan covering GDPR, copyright, accessibility, security, and more.
Start free checkRelated articles
DNS
DNSSEC SSL Renewal Failures Explained
Sucuri's WAF began fully supporting CA/Browser Forum Ballot SC-085v2 in March 2026, causing some SSL certificate renewals to fail when DNSSEC is misconfigured.
2 min read