Unexpected log record in Audit Trail for domainAuthWarningOffOn

Salesforce admins may unexpectedly see an entry for domainAuthWarningOffOn in the Setup Audit logs, attributed to a user who made no changes and might not have been logged in. This occurs because a permission to display in-app reminders for verifying all email sending domains is automatically activated in your Salesforce org. The permission is activated, and the log entry created, only after an email is sent from an unverified domain. This email could be a direct send by a user or an automated send (such as from a flow, batch job, or report subscription). The Audit Trail then incorrectly attributes the domainAuthWarningOffOn permission change to the user who sent the related email. Although this is the current expected behavior, Salesforce admins may find this confusing when reviewing the Audit Trail.