Configure DNS Records for N-sight RMM email notifications

When you change the From address in your Mail Templates, for example to an email address from your domain, it can result in the email being classified as coming from a spoofed domain. Your recipients may fail to receive the email because of filtering intended to prevent email address spoofing.

If you use a custom From address in a mail template, you must ensure the address exists. If the From address does not exist, our sender verification check may fail. For reference, the default mail server for the From address is alert@remote.management.

You can set up Sender Policy Framework (SPF) for the domain to help prevent spoofing. SPF is an email authentication method to prevent spammers from sending messages on behalf of your domain. An SPF record lists all authorized hostnames / IP addresses that are permitted to send email on behalf of your domain.

To ensure emails generated by N-sight RMM are accepted by your recipient’s mail exchangers as originating from a valid host, we recommend you set up SPF for the N-sight RMM.

Set up SPF for N-sight RMM

If you have an existing SPF record, ensure the following is added between v=spf1 and -all:

include:_spf.remote.management

If you do not have an SPF record, you need to create a TXT record (DNS record type 16) with the following data:

v=spf1 include:_spf.remote.management -all

The record must contain:

Component Description
v=spf1 Version of the SPF record
include:_spf.remote.management Allows use of the N-sight RMM server SPF record
all The all mechanism is required but you can select the following options:
  • —all (hard fail)
  • ~all (soft fail)

When the SPF record is written, publish the SPF record (TXT record) to the authoritative DNS server for your domain. Instructions on how this can be done will differ from each domain provider. For assistance, please contact your domain provider.

Configure CNAME Records to use DKIM for N-sight RMM Alert Emails

DKIM is an email authentication method designed to verify email content as well detect forged sender addresses in email. When signing outgoing messages with DKIM, recipients can verify a respective message is from the sender it claims to be from and that the content of the message has not been modified.

There are several advantages to using DKIM to sign outgoing emails:

  • The recipient is able to verify that the message originated from the specified sender
  • The recipient is able to verify that the message content (and important headers e.g. the subject) has not been altered
  • It lowers the chance of the email being identified as spam

If a spammer is trying to abuse a domain or email address, using DKIM reduces the chances of spam getting through. Many email servers check for a valid DKIM signature on incoming email.

DKIM adds a signature to the email headers. This signature contains a hashed value of the content (both headers and the body). When a server that is checking for DKIM receives an email, it does the following:

  1. Retrieves the public key from the DNS of the sending domain
  2. Uses the key to decrypt the signature
  3. Verifies the content

N-able N-sight RMM email notification systems use DKIM signing . In order for your custom sender addresses to pass DKIM checks, you will need to add 3 CNAME records in your domain configuration.

Type Hostname Value TTL
CNAME nsight1._domainkey.<yourdomainhere> nsight1._domainkey.remote.management System default or 3600 seconds
CNAME nsight2._domainkey.<yourdomainhere> nsight2._domainkey.remote.management System default or 3600 seconds
CNAME nsight3._domainkey.<yourdomainhere> nsight3._domainkey.remote.management System default or 3600 seconds

 

If you have an email security firewall in place, we recommend you allow our mail server for N-sight RMM.

What do you want to do?