- Product: Alma Platform, Primo Classic
- Product Version: N/A
- Relevant for Installation Type: N/A
When an email is received by an SMTP server there are several security checks that occur to determine if the email is legitimate or suspicious. If an email is marked as suspicious the SMTP server may delay the delivery of the email, mark the email as ‘spam’ or not deliver the email at all. This article describes how to ensure emails from the Ex Libris cloud will not get marked as suspicious.
Emails can be sent out from Ex Libris products in one of two ways
1) With a ‘From address’ domain of @exlibrisgroup.com
2) With a branded ‘From address’ for example @institution.edu
*For customers using Primo Classic, we recommend changing the value of default.email.form in the 'Send Email and Sms' code table from default "email@example.com" to a more appropriate value for your institution, or "firstname.lastname@example.org".
DKIM is currently supported for both of the above methods. Emails sent from our cloud with a ‘From address’ domain of @exlibrisgroup.com should not be marked as suspicious as they are signed using DKIM and Ex Libris has a DMARC policy. Please note that both the SMTP Envelope ‘From address’ as well as the ‘header.from address’ must use the same domain. The SMTP Envelope from address is configured in the Mail Handling integration profile and the header.from address is configured on each individual letter that is sent out. More information on configuring outgoing mail can be found here.
Please note that since late 2023, email services like GMAIL are gradually encouraging DKIM/SPF compliance (see details here: https://support.google.com/a/answer/174124?hl=en&sjid=15453546060050396344-EU). This may impact your patron’s user experience.
If you want to have a DKIM-compliant setup with a custom domain, the recommended method is to configure the Alma mail integration profile with the "Send using institution email relay" option and implement DKIM on your institutional email relay.
Emails sent from Ex Libris that are branded with the institution’s domain can be implemented securely in the following two ways:
i) Configure the Ex Libris application to pass the email directly to the institution’s SMTP server to be authenticated under the institution’s policies (DKIM + DMARC).
To configure the Alma Platform to pass the email to an external SMTP server, please refer to ‘configure the mail handling integration profile’ in the documentation here. Depending on the firewall policy of the institution your IT may need to open access from Ex Libris cloud to the SMTP server for the relevant port. The outgoing IP range for Alma, Primo VE and Primo Classic can be found here .
ii) Configure the email to be sent from the Ex Libris cloud and be authenticated using the “Sender Policy Framework” (SPF) and DKIM.
SPF is a method of allowing the Ex Libris cloud to send emails on behalf of the institution. When an email is received by a SMTP server, a security check is performed where the IP that had sent the email is compared to the IPs listed in the DNS record for the ‘From Address’ domain. To configure SPF, the DNS administrator of the institution needs to add the Ex Libris mail relay IP’s to the institution’s domain in a TXT record. The Ex Libris mail relay IP’s differ based on the region of the customer so the relevant ‘SPF Include Entry’ should be chosen. The different ‘SPF Include Entries’ for the different regions can be found here.
DKIM, or DomainKeys Identified Mail, serves as an email authentication method specifically designed to identify fraudulent sender addresses in emails, addressing the issue of email spoofing. Once the DKIM functionality is activated for your institution, the Mail-Handling Integration-Profile will include support for DKIM digital signatures in outgoing emails. Configuration instructions can be found here.
For more information, see Outgoing emails configuration.
- Article last edited: 23-JAN-2024