How to prevent emails from Ex Libris products being marked as suspicious
- Product: Alma Platform, Primo Classic
- Product Version: N/A
- Relevant for Installation Type: N/A
When an email is received by an SMTP server there are several security checks that occur to determine if the email is legitimate or suspicious. If an email is marked as suspicious the SMTP server may delay the delivery of the email, mark the email as ‘spam’ or not deliver the email at all. This article describes how to ensure emails from the Ex Libris cloud will not get marked as suspicious.
Emails can be sent out from Ex Libris products in one of two ways
1) With a ‘From address’ domain of @exlibrisgroup.com
2) With a branded ‘From address’ for example @institution.edu
Emails sent from our cloud with a ‘From address’ domain of @exlibrisgroup.com should not be marked as suspicious as they are signed using DKIM and Ex Libris has a DMARC policy stating that any emails that are received that do not have a DKIM signature should be rejected. Please note that both the SMTP Envelope ‘From address’ as well as the ‘header.from address’ must use the exlibrisgroup.com domain. The SMTP Envelope from address is configured in the Mail Handling integration profile and the header.from address is configured on each individual letter that is sent out. More information on configuring outgoing mail can be found here.
DMARC record:
"v=DMARC1\;p=reject\;adkim=r\;rua=mailto:mailauth-reports@exlibrisgroup.com"
Emails sent from Ex Libris that are branded with the institution’s domain can be implemented securely in the following two ways:
1) Configure the Ex Libris application to pass the email directly to the institution’s SMTP server to be authenticated under the institution’s policies. (DKIM + DMARC)
To configure the Alma Platform to pass the email to an external SMTP server, please refer to ‘configure the mail handling integration profile’ in the documentation here. Depending on the firewall policy of the institution your IT may need to open access from Ex Libris cloud to the SMTP server for the relevant port. The outgoing IP range for Alma, Primo VE and Primo Classic can be found here
2) Configure the email to be sent from the Ex Libris cloud and be authenticated using the “Sender Policy Framework” (SPF).
SPF is a method of allowing the Ex Libris cloud to send emails on behalf of the institution. When an email is received by a SMTP server, a security check is performed where the IP that had sent the email is compared to the IPs listed in the DNS record for the ‘From Address’ domain. To configure SPF, the DNS administrator of the institution needs to add the Ex Libris mail relay IP’s to the institution’s domain in a TXT record. The Ex Libris mail relay IP’s differ based on the region of the customer so the relevant ‘SPF Include Entry’ should be chosen. The different ‘SPF Include Entries’ for the different regions can be found here.
- Article last edited: 25-MAR-2021