Over the past few weeks we have been watching a sharp spike in DMARC failure reports for the domain kafkai.com. Our monitoring service, URIPorts, flagged a 43.2 percent increase in messages that failed DMARC validation during the last reporting cycle. The emails are not coming from us. Someone is spoofing the kafkai.com domain in a phishing campaign, and we want you to know what is going on and how to protect yourself.

What We Are Seeing

The reports are consistent. Someone is sending email with a forged From: header that claims to come from an address at kafkai.com. The messages are coming from a wide range of residential and mobile networks, mostly in Japan and the United States, through providers such as NTT Docomo, KDDI, Spectrum, and Verizon. The emails fail both DKIM and SPF checks, which means they are not authenticated by our infrastructure in any way. They are simply pretending to be from us.

Screenshot of a data table showing DMARC fail reports for kafkai.com, featuring columns for Source IP and SPF status.

What We Have Done

Our DMARC policy for kafkai.com is already set to reject:

v=DMARC1; p=reject; aspf=r; adkim=r; ...

This tells any receiving mail server that checks DMARC to reject outright any message that fails both SPF and DKIM alignment. In practice, that means a well-configured provider should drop the message or, at minimum, file it in spam. The data we see shows that most providers are doing exactly that: the reported disposition is reject.

What You Should Do

Even with a strict DMARC policy in place, not every email provider on the internet enforces it. Some smaller or poorly configured systems may still deliver the message to an inbox. So a quick reminder:

  • We do not send unsolicited email asking for passwords, payment details, or verification codes. If an email claiming to be from Kafkai asks for any of those, it is not from us.
  • Check the actual sender address carefully. The display name may say "Kafkai" or something official-sounding, but the underlying email address is what matters. Look for misspellings or odd domains.
  • Do not open attachments or click links in unexpected email. If you are unsure, open a fresh browser tab and navigate to kafkai.com or kafkai.ai directly rather than following a link in an email.
  • When in doubt, contact us directly. You can reach us through the contact form on kafkai.com or the support channels you already have for any product you use from us.

A Note on Email Infrastructure

We run our own email services carefully. KaiMail, our custom-domain email forwarding service, and the rest of our mail infrastructure are built with the assumption that email authentication matters. The fact that these spoofed messages are failing every check is, in a backwards way, proof that the system is working as designed. The failures are being caught. The problem is the small fraction of mail servers that do not bother to check.

If you have received one of these messages and were unsure what to do, we are sorry for the confusion. In these cases, it's really sad that the people not doing the bad things need to apologize and remind other people to not fall into traps, but here we are.

We will keep monitoring the situation and will update this post if anything changes.