This is the reply that I received from Asana support on my case last night:
Thanks for writing in and apologies for the trouble. We have some recent updates to strengthen the authentication of our users.
The reason you received this error is that we had trouble verifying that the email we received actually came from you. In order to protect your account from potential phishing or email spoofing, we require that your emails pass our updated authentication measures.
The mail server that sent that email is not properly configured for your domain. It must be configured so that the domain of the envelope address matches the domain of the from address.
In order to resolve this, could you please request your email admin to properly configure this mail server. They may additionally have to update the domain settings in order to give this server permission to send emails on behalf of this domain.
If you have any questions in the meantime, or if there is anything else I can help you with, please don’t hesitate to get back in touch.
This is unacceptable. If there was an update or change that was made to your authentication mechanism, you have to inform your users otherwise issues like this will occur. Obviously this is happening in other environments, also, and they are unable to resolve it internally per your suggestion. Our client’s workflow was severely disrupted and we spent several hours yesterday afternoon troubleshooting this issue, when the fault was with Asana the entire time, and now you are suggesting that WE have to fix this problem after no changes were made to our environment?
Please rollback to the previous version or advise on how to modify the product to make it work as it was previously before these recent authentication mechanism changes were implemented. Otherwise, we have to create a workaround internally to generate tasks that do not flow through our mail server. Regardless, you have to inform your clients if security changes are made to your product.