SAP Knowledge Base Article - Public

2087468 - Email Notifications: Emails Blocked or Not Delivered Due to Spam Filters, Spoofing, Bombing (mass mail), IP Address Whitelists

Symptom

  • Emails Blocked and processes to remedy
  • Emails generated by the SuccessFactors application are being blocked and not delivered to users of the application. This document provides information on possible causes and solutions on how to make sure emails are delivered to the end user and not blocked

Environment

  • BizX Platform
  • SuccessFactors Learning Management System (LMS) - All Supported Versions

Cause

  1. The clients email servers have detected the email has originated at a server other than one of their known internal servers and is blocking SF emails.
  2. Client has a limitation as to how many emails can be sent within a time period. Also known as Bombing, E-mail bomb, Mass Mail.
  3. The client uses a 3rd party email provider that could be blocking traffic at a deeper level

Resolution

WHITELIST SUCCESSFACTORS MAIL SERVERS

  1. SF IP addresses need to be allowed into the customer network. Modify firewall/spam filter etc. at the customer end to grant access to emails coming from SuccessFactors email relay IP addresses.

SPOOFING - MASQUERADING ISSUES 

  1. Even if SF servers are whitelisted, the customer may have an additional layer of security to prevent spoofing. Briefly spoofing is the act of the SuccessFactors system sending an email to a person, say a notification to the manager saying a form is due. In the FROM address it says the email is from me@mycompany.com. However the recipient company 'knows' that the email did NOT originate FROM @mycompany.com (remember it is actually originated from @successfactors.com) so it blocks it believing the message is spam, someone pretending to be me@mycompany.com.
  2. This issue can be resolved by implementing Single Sender as described below.

SINGLE SENDER:

The single sender solution is no longer used to resolve spoofing issues, as the default system FROM address changed in recent releases to always be system@successfactors.eu or system@successfactors.com (depending on which datacenter the email originated from). Therefore there can be no spooofing detected on receiving email server as the email originating domain and FROM address domains match.


However, if your business requires all emails to be sent from another email than system@successfactors.eu or system@successfactors.com, you may be using single sender to achieve this.
If this is the case, then your email server may think these emails are now spoofing emails as the FROM address domain will differ from the actual email originating domain.

In this scenario your (customer) IT team will have to perform additional security changes on the receiving email server end to make sure these emails are accepted and delivered to end-users, using the referenced solutions in this article.

SENDER POLICY FRAMEWORK (SPF)

Consider adopting DNS SPF recording. SPF is an email validation system designed to prevent email spam by detecting email spoofing, a common vulnerability, by verifying sender IP addresses. SPF allows administrators to specify which hosts are allowed to send mail from a given domain by creating a specific SPF record (or TXT record) in the Domain Name System (DNS). Mail exchangers use the DNS to check that mail from a given domain is being sent by a host sanctioned by that domain's administrators. Adopting SPF verification on mail servers will ensure that emails are being sent from SF (assuming customer's email notifications from SF show the sender address as only @successfactors.com). For more information please view http://en.wikipedia.org/wiki/Sender_Policy_Framework

See Also

DC8 U.S. Ashburn Data Center

  • 65.221.8.13 [prodmailb8.successfactors.com]
  • 65.221.12.128 [prodmail8c.successfactors.com]
  • 65.221.12.148 [prodmail8d.successfactors.com]
  • 65.221.8.29 [ironport.notifications.plateau.com]

DC4 U.S. Arizona Data Center

  • 70.42.227.151 [prodmail4a.successfactors.com]
  • 70.42.227.152 [prodmail4b.successfactors.com]
  • 70.42.227.138 [prodmail4b.successfactors.com]

DC2 EU Amsterdam Data Center

  • 213.52.186.141[prodmail2a.successfactors.eu]
  • 213.52.186.142 [prodmail2b.successfactors.eu]
  • 188.95.96.121 [successfactors.eu/performancemanager5]
  • Note: These must be added to ALL servers. (Primary mail server and any secondary mail servers.)

DC10 Sydney Data Center

  • 210.80.140.141 [prodmail10a.successfactors.com]
  • 210.80.140.142 [prodmail10b.successfactors.com]

DC12 EU Rot Data Center

  • 155.56.221.13 [prodmail012a.successfactors.eu]
  • 155.56.221.14 [prodmail012b.successfactors.eu]

DC15 Data Center

  • 180.153.153.112 [ mail15a.sapsf.cn ]
  • 180.153.153.113 [ mail15b.sapsf.cn ]

DC16 Data Center

  • 46.29.102.130 [prodmail16a.sapsf.eu]
  • 46.29.102.131 [prodmail16b.sapsf.eu]

DC17 Data Center

  • 157.133.48.19 [mail17a.sapsf.com]
  • 157.133.48.20 [mail17b.sapsf.com]

DC18 Data Center

  • 157.133.1.19 [mail18a.sapsf.com] 
  • 157.133.1.20 [mail18a.sapsf.com]

Keywords

email, mail, exchange, smtp, blocked, ip, whitelist, firewall, sender, spoofing , KBA , whitelist , ips , ip address , sf email notifications , LOD-SF-PLT , Foundational Capabilities & Tools , LOD-SF-LMS-ADM , Admin Tools , How To

Product

SAP SuccessFactors HCM Core all versions ; SAP SuccessFactors Learning all versions