Do I need to whitelist an IP for my SPF Records and Mail Gateway

Document created by Oz Merchant Administrator on Sep 7, 2016. Last modified by Ramon Geertjens on Sep 18, 2017.
Version 5

While it is not mandatory, some network configurations require you to whitelist our mail server if you want Samanage to send emails on behalf of your domain and want to be sure you receive the proper notifications from the application. Whitelisting means explicitly allowing email from a certain source into your inbox so that it passes your spam filter and does not land in the junk folder. While we try to maintain a static IP for our application and servers, the IP address may change at times.

 

For customers that fall under the US data center, all Samanage emails are sent from o1.mailer.samanage.com. Our recommended practice is to whitelist o1.mailer.samanage.com and o2.mailer.samanage.com on your network instead of the corresponding IP addresses (75.126.253.143 and 167.89.101.239 respectively).

 

For customers that fall under the EU data center, all Samanage emails are sent by Amazon SES rather than SendGrid. Provided below are commands to find the IP ranges:

On Mac/Linux

dig TXT amazonses.com +short | grep 'v=spf1'

On Windows

nslookup -type=TXT amazonses.com | find "v=spf1"



 

____________________________________________________________________________________________________________________________________

 

NOTE: If you use Office365, you may have to add "samanage.com" and/or "mailer.samanage.com" to the O365 threat management safe links area.

Process: Log in to the O365 portal > Admin Centers > Security & Compliance > Threat Management > Safe Links > Policies that apply to specific recipients > edit the default policy or create a new one > Settings > Do not rewrite the following URLs > add *samanage.com* and *mailer.samanage.com* > save it, wait 30-60 minutes, and test a new ticket.

 

____________________________________________________________________________________________________________________________________

 

 

NOTE: Keep in mind that those IP addresses are subject to change. If SES adds or removes any outgoing IP address, we will update the SPF record, so check back from time to time if you want to make sure you have the latest list of IP address ranges. Also note that there is no guarantee as to which particular SES IP address from the list your email will be sent through. If you need to whitelist the emails you're sending through SES, you will have to whitelist all SES IP address blocks. As these IP ranges are subject to change by Amazon, it is necessary to maintain this information.
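The periodic check described in the note above, as an added example (not code from Samanage or Amazon): it extracts the ip4/ip6 ranges from the SPF TXT answer and reports which ranges were added or removed since the list you last whitelisted. The function names, the file names and the sample records (documentation-range addresses) are assumptions made for illustration; include: mechanisms are not followed.

```shell
#!/bin/sh
# Added example: detect changes in the IP ranges an SPF record publishes.
LC_ALL=C; export LC_ALL   # keep sort and comm in the same collation order

# Constructed sample answers in `dig +short` format. The addresses are
# documentation ranges, not real Amazon SES ranges. SAMPLE_NEW is split
# into two quoted strings, as DNS does for TXT data over 255 bytes.
SAMPLE_OLD='"v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.0/24 -all"'
SAMPLE_NEW='"v=spf1 ip4:192.0.2.0/24 ip4:203.0." "113.0/24 -all"'

# spf_ranges: read TXT answers on stdin, print the ip4/ip6 ranges of the
# SPF record, one per line, sorted. Only pass mechanisms (no qualifier or
# "+") are kept; include: mechanisms are not followed.
spf_ranges() {
    tr 'A-Z' 'a-z' | grep 'v=spf1' |
        sed 's/" "//g' | tr -d '"' | tr ' ' '\n' |
        sed -n -e 's/^+\{0,1\}ip4://p' -e 's/^+\{0,1\}ip6://p' |
        sort -u
}

# spf_changes APPROVED CURRENT: compare two sorted range files and print
# "+range" for ranges to add to the whitelist, "-range" for ranges to retire.
spf_changes() {
    comm -13 "$1" "$2" | sed 's/^/+/'
    comm -23 "$1" "$2" | sed 's/^/-/'
}

# Live use (needs network; spf.approved is the list you whitelisted last):
#   dig TXT amazonses.com +short | spf_ranges > spf.current
#   spf_changes spf.approved spf.current
```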

 

____________________________________________________________________________________________________________________________________


 

Below is an example of how to whitelist a domain/IP address on an email client (e.g. Gmail):

1) Sign in to the Google Admin console.

2) From the dashboard, go to Google Apps > Gmail > Advanced Settings

3) In the Organizations section, highlight your domain.

4) In the Email whitelist section, enter the IP addresses of your contact's domain host to make sure any mail originating from these IP addresses is not labeled spam. If you would like to add more than one IP address, enter an IP range in CIDR notation or separate each IP address with a comma.

5) Click Save changes.

Note: The steps to whitelist an IP on email clients may vary but should essentially share similarities.

 

Below is an example of how to add SPF Records on a DNS (e.g. GoDaddy):

1) Log in to your GoDaddy account and click on the domain whose records you want to modify.

2) Launch the DNS Manager.

3) Scroll down to the TXT (Text) section.

4) Create a new TXT record by clicking the Quick add button.

5) Set the Host field to the name of your subdomain (e.g. "mail" if your email address is contact@mail.example.com), or to @ if you do not use a subdomain.

6) Fill the TXT Value field with your SPF record (e.g. "v=spf1 a mx include:secureserver.net ~all").

7) Click on the Save Zone File button at the top of the page.

Note: Please keep in mind that your hosting provider’s DNS Manager layout may look a bit different than GoDaddy’s but should essentially work in a similar manner.

Regarding DKIM, all notification emails generated by the application are signed with a DKIM key using the samanage.com domain.

 

Here is an example of a DKIM signature header that appears in the emails we send out:

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=samanage.com;
    h=from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding;
    s=smtpapi; bh=K1WFyPJXRp8vRfFI52U3Sc1J6EM=; b=lXRYSOfmrigoiobWWW
    pl87YYU2ZmdMu1KhkLdBgGh9Mxm7HdOgcYbBP0jWIEXaBXlFxnWwO3eMIDZAKaV8
    BDWFYxUx8RHbcYH7nvhzogdtfBbBVL7eN8mLfGYQVXFxVpEAW2IhXmjY0taKB07Y
    JX4z1ATjqxoO7DoSpxI/zkiqE=

 
