- LMS email notifications
- Notifications are not received
- Emails Blocked and processes to remedy
- Do not receive the LMS notifications
- Emails generated by the SuccessFactors application are being blocked and not delivered to users of the application. This document provides information on possible causes and solutions on how to make sure emails are delivered to the end user and not blocked
SAP SuccessFactors BizX Platform
- SAP SuccessFactors Learning Management System (LMS)
- SAP SuccessFactors Recruiting Management
- The clients email servers have detected the email has originated at a server other than one of their known internal servers and is blocking SF emails.
- Client has a limitation as to how many emails can be sent within a time period. Also known as Bombing, E-mail bomb, Mass Mail.
- The client uses a 3rd party email provider that could be blocking traffic at a deeper level
WHITELIST SUCCESSFACTORS MAIL SERVERS
- SF IP addresses need to be allowed into the customer network. Modify firewall/spam filter etc. at the customer end to grant access to emails coming from SuccessFactors email relay IP addresses.
SPOOFING - MASQUERADING ISSUES
- Even if SF servers are whitelisted, the customer may have an additional layer of security to prevent spoofing. Briefly spoofing is the act of the SuccessFactors system sending an email to a person, say a notification to the manager saying a form is due. In the FROM address it says the email is from email@example.com. However the recipient company 'knows' that the email did NOT originate FROM @mycompany.com (remember it is actually originated from @successfactors.com) so it blocks it believing the message is spam, someone pretending to be firstname.lastname@example.org.
- This issue can be resolved by implementing Single Sender as described below.
The single sender solution is no longer used to resolve spoofing issues, as the default system FROM address changed in recent releases to always be email@example.com or firstname.lastname@example.org (depending on which datacenter the email originated from). Therefore there can be no spooofing detected on receiving email server as the email originating domain and FROM address domains match.
However, if your business requires all emails to be sent from another email than email@example.com or firstname.lastname@example.org, you may be using single sender to achieve this.
If this is the case, then your email server may think these emails are now spoofing emails as the FROM address domain will differ from the actual email originating domain.
In this scenario your (customer) IT team will have to perform additional security changes on the receiving email server end to make sure these emails are accepted and delivered to end-users, using the referenced solutions in this article.
SENDER POLICY FRAMEWORK (SPF)
Consider adopting DNS SPF recording. SPF is an email validation system designed to prevent email spam by detecting email spoofing, a common vulnerability, by verifying sender IP addresses. SPF allows administrators to specify which hosts are allowed to send mail from a given domain by creating a specific SPF record (or TXT record) in the Domain Name System (DNS). Mail exchangers use the DNS to check that mail from a given domain is being sent by a host sanctioned by that domain's administrators. Adopting SPF verification on mail servers will ensure that emails are being sent from SF.
Example, The customer's mail administrator needs to add SF outgoing IP list to their spf record with the included parameter:
v=spf1 include:_spf-sfdc.successfactors.com ~all (or successfactors.eu depending). For more information please view http://en.wikipedia.org/wiki/Sender_Policy_Framework
Do we support Domain Keys or Domain Key Identified Mail (DKIM)?
Yes, our email security filters support DKIM signing. This would need to be configured on a per domain basis.
These are subject to change and would require Operations to provide IPs for temporary whitelisting:
DC8 U.S. Ashburn Data Center
- 220.127.116.11 [prodmailb8.successfactors.com]
- 18.104.22.168 [prodmail8c.successfactors.com]
- 22.214.171.124 [prodmail8d.successfactors.com]
- 126.96.36.199 [ironport.notifications.plateau.com]
DC4 U.S. Arizona Data Center
- 188.8.131.52 [prodmail4a.successfactors.com]
- 184.108.40.206 [prodmail4b.successfactors.com]
DC2 EU Amsterdam Data Center
- 220.127.116.11 [prodmail2b.successfactors.eu]
- 18.104.22.168 [successfactors.eu/performancemanager5]
- Note: These must be added to ALL servers. (Primary mail server and any secondary mail servers.)
DC10 Sydney Data Center
- 22.214.171.124 [prodmail10a.successfactors.com]
- 126.96.36.199 [prodmail10b.successfactors.com]
DC12 EU Rot Data Center
- 188.8.131.52 [prodmail012a.successfactors.eu]
- 184.108.40.206 [prodmail012b.successfactors.eu]
DC15 Data Center
- 220.127.116.11 [ mail15a.sapsf.cn ]
- 18.104.22.168 [ mail15b.sapsf.cn ]
DC16 Data Center
- 22.214.171.124 [prodmail16a.sapsf.eu]
- 126.96.36.199 [prodmail16b.sapsf.eu]
DC17 Data Center
- 188.8.131.52 [mail17a.sapsf.com]
- 184.108.40.206 [mail17b.sapsf.com]
DC18 Data Center
- 220.127.116.11 [mail18a.sapsf.com]
- 18.104.22.168 [mail18a.sapsf.com]
DC19 Data Center
- 22.214.171.124 [mail19a.sapsf.com]
- 126.96.36.199 [mail19b.sapsf.com]
DC22 Data Center
- 188.8.131.52 [prodmail022a.sapsf.com]
- 184.108.40.206 [prodmail022b.sapsf.com]
DC23 Data Center
- 220.127.116.11 [prodmail023a.sapsf.com]
- 18.104.22.168 [prodmail023b.sapsf.com]
DC42 Data Center
- 22.214.171.124 [prodmail42a.sapsf.com]
- 126.96.36.199 [prodmail42b.sapsf.com]
DC44 Data Center
- 188.8.131.52 [prodmail44a.sapsf.com]
- 184.108.40.206 [prodmail44b.sapsf.com]
sf success factors lms learning e-mail, mail, exchange, smtp, blocked, ip, whitelist, firewall, sender, spoofing, SF Notifications white list IPs , KBA , sf email notifications , whitelist , ip address , ips , LOD-SF-PLT , Foundational Capabilities & Tools , LOD-SF-LMS , SuccessFactors Learning , LOD-SF-LMS-ADM , Admin Tools , LOD-SF-LMS-NOT , Notifications , LOD-SF-RCM-EML , Recruiting Emails and Notifications , How To