The Starting Point - Direct Email Sending from Ostendis
The Ostendis E-Recruiting solution naturally provides the ability to
send responses to job applicants via email. These responses are
technically sent from Ostendis’s mail server directly to the candidate’s address on behalf of the account holder. This also ensures that any replies are directly delivered back.
What is an SPF Record?
An SPF Record (Sender Policy Framework) allows not only your own mail server but also other mail servers to be authorized to send emails. It is a special TXT entry in the DNS (Domain Name System). That sounds very technical? It is…😉 Therefore, let’s move on to the next point.
The Permissions.
Ostendis’s email server sends emails on your behalf, which many receiving mail servers do not accept. They check whether our mail server is authorized to send emails with the foreign domain name (the part after the @ sign in the email address). Without explicit consent, this is often not allowed, and the receiving mail server rejects the email. This mechanism is very reasonable in today’s world, as it can eliminate a large portion of spam emails. The consequence: Job applicants may not receive responses from our system.
The Simple Solution.
To ensure that email responses reliably reach candidates, it is necessary for our email server to be listed in the company’s SPF record. This is also necessary for many other internet-based services that the company may use. E.g. for newsletter systems, cloud-based customer management or accounting systems, etc.
Who Must Set Up the SPF Record?
An SPF record must be created by your own IT department or the responsible partner, specifically by a person who has access to manage the DNS configuration for the domain. The HR department usually has no means to create or adjust such an SPF record themselves, which is why a request to the responsible department is often unavoidable.
How Should the SPF Record Be Set Up?
For the appropriate specialist to make the necessary configuration, a few pieces of information are needed. First, an SPF record must be created in the DNS for the corresponding domain, if it doesn’t already exist. Then, an entry for email sending from Ostendis must be created.
The emails sent from Ostendis always come from the same host:
mail.ostendis.ch / IP address: 94.231.81.6.
Here’s an example of the entry for our client mobilezone ag:
v=spf1 a:cs.mobilezone.ch a:mail.ostendis.ch
a:reservation.staging.mobilezone.ch ip4:91.193.23.134/32 include:emarsys.us
include:emsmtp.us include:spf.protection.outlook.com
include:spf.mailjet.com -all
By adding the highlighted entry, email sending from Ostendis works
without problems. We recommend entering the hostname instead of the IP address, which could change more easily, if possible.
Is Adding the Ostendis Mail Server to the SPF Record a Risk?
One must be aware that authorizing our mail server to send emails on behalf of the company represents a risk, albeit a very small one. It’s important to know that even without this SPF record, it’s possible to falsify email addresses, especially the sender!
It is, of course, in our own interest that only the desired emails are sent through our email server. Therefore, we protect our email server with all means to prevent, for example, a third party from sending spam emails through it.
Are There Other Security Mechanisms?
To better protect the email infrastructure on the internet against misuse and spam,
more and more domains are using DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting and Conformance).
Using DKIM or Is It Already Set Up? We are prepared for this and have already configured it with numerous customers of ours. To do so, simply and easily contact our support.
Wie hilfreich war dieser Beitrag?