SPF Records

The From address for both Alert and Report emails is configurable in the Mail Templates section of the N-sight RMM Dashboard. After the From address is set up in a mail template, emails sent using the template appear to come from your domain, which is useful for Client facing Reports, including the Daily and Weekly Reports. However, in some cases this can result in the recipient failing to receive the email because there are filtering options in place to prevent email address spoofing.

Email address spoofing is when an email's From address is configured to use an address other than the original sender. This forgery is a common tactic employed by email spammers and phishers is an attempt to trick the recipient into believing the email originated from a genuine source.

Spoofed email addresses causes problems for the recipient as they attempt to identify which emails are genuine, and it may affect the spoofed domain itself. For example, legitimate emails from the domain may subsequently be flagged as potential spam and the spoofed domain may be placed on a block list.

Steps to combat email address spoofing

You can set up SPF (Sender Policy Framework) for the domain to help prevent spoofing. SPF is an open standard SMTP extension designed to prevent the forgery of the From address in emails, this is achieved by listing all possible points of origin for any email sent on behalf of the domain in the SPF record which is added in the Domain Name System (DNS).

When a Mail Exchanger (MX) receives an email (depending on its configuration) it can perform a DNS lookup to verify the host sending the email is authorized to do so. If the IP address of an email ostensibly sent from the domain is not on this trusted list, then there is a high possibility that the From address was spoofed and the email classified as potential spam or phishing.

As MX using DNS lookups validate the source of the email, the SPF record has the additional benefit of reducing the number of legitimate messages flagged as spam or returned by the recipient’s mail servers.

Dashboard generated emails

To ensure emails generated by the N-sight RMM Dashboard are accepted by the recipient’s MX as originating form a valid host, the source IP addresses of our email generating servers for your region should be allowed for the domain used in the From address and this can be added to the SPF record by use of our mailers A record.

Wherever possible we recommend you use the mailers DNS A record rather than list all of the IP addresses because the A record is updated whenever there is a change to the infrastructure (server decommissioned or added) so it is always current. One drawback of entering the IP addresses individually is that any changes will require a manual update to the SPF record.

Mailers A Record Territory
am.mailers.system-monitor.com Americas
au.mailers.system-monitor.com Australia
eu.mailers.system-monitor.com Europe, France, France1, Ireland, Poland
de.mailers.system-monitor.com> Germany
hk.mailers.system-monitor.com Hong Kong
uk.mailers.system-monitor.com UK
us.mailers.system-monitor.com US

Update or create the SPF Record

Updating or creating the SPF record depends on the DNS hosting company. Some will provide a self-service portal for their customer's to amend their domain information themselves (including instructions on how to achieve this in their portal's documentation) whilst other companies will only action the change once the request is submitted in writing.

To include our email generating servers in the SPF information for the domain a TXT entry is created in the SPF record pointing to the mailers A record or each individual IP address.

The below example illustrates the address format when adding our mailers DNS record.

Record Type

TXT

Address

v=spf1 a:territory.mailers.system-monitor.com mx ~all

SPF Record example

example.com.   TXT   "v=spf1 mymailer.example.com a:territory.mailers.system-monitor.com mx ~all"

Components

TXT

The DNS zone record type

v=spf1

Identifies the entry as an SPF record utilizing SPF version 1

a

All IPs defined by the A records for the domain are allowed.

mx

All servers defined by the MX records for the domain are allowed to send emails on the domain's behalf.

~all

Indicates the list is all inclusive and no other senders are authorized to send email

Where adding each IP address individually we would suggest querying the relevant territory.mailers.system-monitor.com to return the current list of IP addresses.

In Windows this may be actioned from the command line using nslookup.

Display the results on the screen:

nslookup territory.mailers.system-monitor.com

Pipe the results to a file:

nslookup territory.mailers.system-monitor.com > folder/file_name.txt

Simply replace territory.mailers.system-monitor.com with the entry that corresponds to your Dashboard region.

In addition to the SPF record, where an email security firewall is in place it may be necessary to allow our mail server IP addresses.

What do you want to do?