Helpdesk communication and DMARC policies
Due to ever tightening security standards all over IT, there are logical consequences for Easy applications. This article is about email communication via Helpdesk on Easy Redmine Cloud.
Email verification tightening
One of the main features of Helpdesk is email communication with your clients via tickets in Easy Redmine. The part concerning email communication on Easy Cloud applications is managed by Easy Software's SMTP servers. This is where a conflict may arise...
A popular email validation mechanism called DMARC, is being widely implemented in many companies and email services (rightly so). This mechanism checks (among others) whether the incoming email is not spoofed. Some Helpdesk features use mail spoofing (not for spamming, but for regular communication with your clients).
Here is an example
Application runs on Easy Cloud, http://mycompany.easyredmine.com. This Cloud application uses an Easy SMTP server for mail notifications smtp2.easyredmine.com. There is a user in the application who works as a support agent - firstname.lastname@example.org. Helpdesk is configured the following way:
Marky is going to write a message to a customer via Helpdesk. Based on the setting above, he is automatically entered as the sender.
Julia's receiving email server has DMARC verification. It compares the SMTP server (smtp2.easyredmine.com) and the proclaimed mail sender (email@example.com). Since these two domains are different, the email is considered unsafe, DMARC blocks the email before it reaches Julia (and she is left without an answer).
What does it mean
Free email services such as Gmail, already have DMARC enabled. Also, more and more companies gradually implement DMARC. As a result, some emails from your Easy Redmine Helpdesk on Cloud may not reach your clients.
How to solve it on Easy Cloud
There are quick solutions and long term ones.
Quickest - Change Helpdesk setting
Go to More >> Help desk >> Help desk settings and change mail sender to "Default from mail notification"
Then, go to Administration >> Settings >> Email notifications - Notification email address (FROM). The address should be in form @notifications.easysoftware.com. If you have already changed notification address to a custom domain, move on to the next solution.
Simple and stable - configure Sender Policy Framework (SPF)
The most effective solution in terms of effort and reward is adding via SPF. We have already described it in a previous article.
As per our example above, you would add to your SPF record:
This practically allows Easy Cloud SMTP to put your domain as a sender of emails without being considered suspicious. As a result DMARC of your client Julia (from our example) will accept the email from Helpdesk (Marky).
Ultimate solution - own SMTP
If your Cloud application uses your own SMTP server, there will be no conflict in the allowed domains. When you use a set multiple domains, you should have all of them allowed.
Own SMTP on Easy Cloud is achievable, but the most complicated of the available solutions. It may cause some limitations, e.g. automatic application update delivery.
How to solve it on Server solution
Just to have this article complete, we are mentioning that solution on your own server already requires you to configure your own SMTP. Therefore, most likely you have already avoided this problem. Just in case, though, you may want to verify your SPF records, that all your relevant domains are allowed.