Remote Monitoring & Management Help

SPF Records

While Remote Monitoring & Management is not a messaging solution, the From address for both Alert and Report emails is configurable in the Mail Templates section of the Dashboard. Once setup any emails sent using this template will appear to come from your domain, particularly useful for Client facing Reports, including the Daily and Weekly Reports. However, in some cases this can potentially results in the recipient failing to receive the email where there are filtering options in place to prevent email address spoofing.

Email address spoofing is when an email’s From address is configured to use an address other than the original sender. This forgery one of the most common tactics employed by email spammers and phishers in an attempt to trick the recipient into believing the email originated from a genuine source.

Spoofed email addresses can not only cause problems for the recipient as they attempt to identify which emails are genuine, but they they may also affect the spoofed domain itself. For example legitimate emails from the domain may subsequently be flagged as potential spam and in the most extreme cases the spoofed domain blacklisted; with the subsequent detrimental effect to its reputation.

In addition to this reputational damage, the spoofed domain will also receive a flood of Non-Delivery Reports (NDRs) for these suspect emails which purport to be from the domain consuming both mail server resources to handle and system administrator time and resources to deal with.

Steps to combat email address spoofing

SPF (Sender Policy Framework) may be setup for the domain to help prevent spoofing. SPF is an open standard SMTP extension designed to prevent the forgery of the From address in emails, this is achieved by listing all possible points of origin for any email sent on behalf of the domain in the SPF record which is added in the Domain Name System (DNS).

When a Mail Exchanger (MX) receives an email (depending on its configuration) it can performs a DNS lookup to verify that the host sending the email is authorized to do so. If the IP address of an email ostensibly sent from the domain is not on this trusted list, then there is a very high possibility that the From address was spoofed and the email classified as potential spam or phishing.

As MX using DNS lookups validate the source of the email, the SPF record has the additional benefits of reducing the number of legitimate messages flagged as spam or returned by the recipient’s mail servers.

Dashboard generated emails

To ensure the emails generated by the Dashboard are accepted by the recipient’s MX as originating form a valid host, the source IP addresses of our email generating servers for your region should be whitelisted for the domain used in the From address and this can be added to the SPF record by use of our mailers A record.

Wherever possible we would recommend using the mailers DNS A record rather than list all of the IP addresses as the A record is updated whenever there is a change to the infrastructure (server decommissioned or added) so is always current. One drawback of entering the IP addresses individually is that any changes will require a manual update to the SPF record.

Mailers A Record

Territory

au.mailers.system-monitor.com

Australia

eu.mailers.system-monitor.com

Europe, France, France1, Ireland, Poland

de.mailers.system-monitor.com

Germany

hk.mailers.system-monitor.com

Hong Kong

uk.mailers.system-monitor.com

UK

us.mailers.system-monitor.com

US, Americas

Update or create the SPF Record

Updating or creating the SPF record depends on the DNS hosting company. Some will provide a self-service portal for their customer's to amend their domain information themselves (including instructions on how to achieve this in their portal's documentation) whilst other companies will only action the change once the request is submitted in writing.

To include our email generating servers in the SPF information for the domain a TXT entry is created in the SPF record pointing to the mailers A record or each individual IP address.

The below example illustrates the address format when adding our mailers DNS record.

Record Type

TXT

Address

v=spf1 a:territory.mailers.system-monitor.com mx ~all

SPF Record example

example.com.   TXT   "v=spf1 mymailer.example.com a:territory.mailers.system-monitor.com mx ~all"

Components

TXT

The DNS zone record type

v=spf1

Identifies the entry as an SPF record utilizing SPF version 1

a

All IPs defined by the A records for the domain are allowed.

mx

All servers defined by the MX records for the domain are allowed to send emails on the domain's behalf.

~all

Indicates the list is all inclusive and no other senders are authorized to send email

Where adding each IP address individually we would suggest querying the relevant territory.mailers.system-monitor.com to return the current list of IP addresses.

In Windows this may be actioned from the command line using nslookup.

Display the results on the screen:

nslookup territory.mailers.system-monitor.com

Pipe the results to a file:

nslookup territory.mailers.system-monitor.com > folder/file_name.txt

Simply replace territory.mailers.system-monitor.com with the entry that corresponds to your Dashboard region.

In addition to the SPF record, where an email security firewall is in place it may be necessary to whitelist our mail server IP addresses.

What do you want to do?