- Email notifications are not being received
- Emails are being blocked. How can this be remedied?
- Emails generated by the SuccessFactors application are not delivered to users of the application.
- This KB article provides information on possible causes and solutions regarding how to make sure emails are delivered to end users.
- SAP SuccessFactors HCM Suite
SAP SuccessFactors Learning Management System
- SAP SuccessFactors Recruiting Management
- The client's email servers detected email originated at a server other than one of their known internal servers and is blocking SF emails.
- Client has a limitation as to how many emails that can be sent within a time period, also known as Bombing, E-mail bomb, and Mass Mail.
- The client uses a 3rd party email provider that could be blocking traffic at a deeper level.
WHITELIST SUCCESSFACTORS MAIL SERVERS
- SF IP addresses need to be allowed into the customer network.
- Modify firewall/spam filter etc at the customer end to grant access to emails coming from SuccessFactors email relay IP addresses.
SPOOFING - MASQUERADING ISSUES
- Even if SF servers are white-listed, the customer may have an additional layer of security to prevent spoofing. Briefly, spoofing is the act of the SuccessFactors system sending an email to a person, say a notification to the manager saying a form is due. In the FROM address it says the email is from email@example.com. However, the recipient company 'knows' that the email did NOT originate FROM @mycompany.com (remember it is actually originated from @successfactors.com) so it blocks it believing the message is spam, someone pretending to be firstname.lastname@example.org.
- This issue can be resolved by implementing Single Sender as described below.
- The single sender solution is no longer used to resolve spoofing issues, as the default system FROM address changed in recent releases to always be email@example.com or firstname.lastname@example.org (depending on which datacenter the email originated from).
- Therefore there can be no spoofing detected on the receiving email server as the email originating domain and FROM address domains match.
- However, if your business requires all emails to be sent from another email than email@example.com or firstname.lastname@example.org, you may be using single sender to achieve this.
- If this is the case, your email server may think these emails are now spoofing emails as the FROM address domain will differ from the actual email originating domain.
- In this scenario your IT Department will have to perform additional security changes on the receiving email server end to make sure these emails are accepted and delivered to end-users, using the referenced solutions in this article.
SENDER POLICY FRAMEWORK (SPF)
- Consider adopting DNS SPF recording. SPF is an email validation system designed to prevent email spam by detecting email spoofing, a common vulnerability, by verifying sender IP addresses.
- SPF allows administrators to specify which hosts are allowed to send mail from a given domain by creating a specific SPF record (or TXT record) in the Domain Name System (DNS).
- Mail exchangers use the DNS to check that mail from a given domain is being sent by a host sanctioned by that domain's administrators.
- Adopting SPF verification on mail servers will ensure that emails are being sent from SF.
Example: A customer's mail administrator needs to add SF outgoing IP list to their spf record with the included parameter:
v=spf1 include:_spf-sfdc.successfactors.com ~all (or successfactors.eu depending)
Note: For more information please view http://en.wikipedia.org/wiki/Sender_Policy_Framework
Do we support Domain Keys or Domain Key Identified Mail (DKIM)?
- Yes, our email security filters support DKIM signing.
- This would need to be configured on a per domain basis.
- Please see KBA 2688533 - SAP SuccessFactors Email Security - DKIM and SPF
These are subject to change and would require Operations to provide IPs for temporary white-listing:
DC8 U.S. Ashburn Data Center
- 126.96.36.199 [prodmailb8.successfactors.com]
- 188.8.131.52 [prodmail8c.successfactors.com]
- 184.108.40.206 [prodmail8d.successfactors.com]
- 220.127.116.11 [ironport.notifications.plateau.com]
DC4 U.S. Arizona Data Center
- 18.104.22.168 [prodmail4a.successfactors.com]
- 22.214.171.124 [prodmail4b.successfactors.com]
DC2 EU Amsterdam Data Center
- 126.96.36.199 [prodmail2b.successfactors.eu]
- 188.8.131.52 [successfactors.eu/performancemanager5]
- Note: These must be added to ALL servers. (Primary mail server and any secondary mail servers.)
DC10 Sydney Data Center
- 184.108.40.206 [prodmail10a.successfactors.com]
- 220.127.116.11 [prodmail10b.successfactors.com]
DC12 EU Rot Data Center
- 18.104.22.168 [prodmail012a.successfactors.eu]
- 22.214.171.124 [prodmail012b.successfactors.eu]
DC15 Data Center
- 126.96.36.199 [ mail15a.sapsf.cn ]
- 188.8.131.52 [ mail15b.sapsf.cn ]
DC16 Data Center
- 184.108.40.206 [prodmail16a.sapsf.eu]
- 220.127.116.11 [prodmail16b.sapsf.eu]
DC17 Data Center
- 18.104.22.168 [mail17a.sapsf.com]
- 22.214.171.124 [mail17b.sapsf.com]
DC18 Data Center
- 126.96.36.199 [mail18a.sapsf.com]
- 188.8.131.52 [mail18a.sapsf.com]
DC19 Data Center
- 184.108.40.206 [mail19a.sapsf.com]
- 220.127.116.11 [mail19b.sapsf.com]
DC22 Data Center
- 18.104.22.168 [prodmail022a.sapsf.com]
- 22.214.171.124 [prodmail022b.sapsf.com]
DC23 Data Center
- 126.96.36.199 [prodmail023a.sapsf.com]
- 188.8.131.52 [prodmail023b.sapsf.com]
DC42 Data Center
- 184.108.40.206 [prodmail42a.sapsf.com]
- 220.127.116.11 [prodmail42b.sapsf.com]
DC44 Data Center
- 18.104.22.168 [prodmail44a.sapsf.com]
- 22.214.171.124 [prodmail44b.sapsf.com]
sf success factors, LMS, RCM, PLT, platform, BizX, biz x, SPF, e-mail, exchange, smtp, white list, firewall, fire wall , KBA , sf email notifications , whitelist , ip address , ips , LOD-SF-PLT , Platform Foundational Capabilities , LOD-SF-LMS , Learning Management System , LOD-SF-LMS-ADM , Admin Tools , LOD-SF-LMS-NOT , Notifications , LOD-SF-RCM-EML , Recruiting Emails and Notifications , How To