This article is only relevant to TeamDynamix SaaS Cloud (hosted) customers!
If you are an on-premise (installed) customer, this article is not relevant to you! Your mail setup and SPF records are completely in your control. It would in fact be detrimental to complete any of the steps outlined in this article!
What is SPF?
Sender Policy Framework (SPF) uses DNS TXT records to define which IP addresses are allowed to send email on behalf of your domain.
Why Do I Need to Worry About This? TeamDynamix is a Cloud Product
If you plan to send mail out of TeamDynamix using your own (custom) mail server setup, you may need to update your SPF records. This especially applies if you are sending mail through a connector or SMTP relay. The reason is that even though the mail is coming through your mail server, it shows an upstream source of a TeamDynamix system. If your SPF records are not explicitly allowing this, mail may fail SPF checks, thus prevent it from being delivered to the recipient.
For connectors, it is most likely that you will need SPF records if you used a Partner Organization connector (internal mail only). If you are using a From My Own Email Servers connector, you may need an SPF record still. In the latter scenario, monitor to see if SPF checks are failing, or if mail is regularly going to spam/junk folders, and make a determination based upon your findings.
This may not be needed if your custom mail setup uses authenticated sending. For authenticated SMTP, try setting this up without the TeamDynamix SPF records first. If you run into issues with failed SPF checks, go ahead and add the TeamDynamix SPF records into your existing ones (as outlined below).
How Do I Address This?
If you already have an SPF record for your domain, you'll need to add an include statement to authorize TeamDynamix systems to send email through your servers. We have created SPF helper records, for easy inclusion in your current SPF record, which can be found below. Note that you only need to use one of these. Use the appropriate item depending on which TeamDynamix SaaS region your tenant is in.
Let's say for example that you have an SPF record that looks something like this:
domain: example.com
value: v=spf1 ip4:1.2.3.4 -all
This means that mail clients will accept example.com emails only if they come from the IP address 1.2.3.4. Mail from anywhere else will be rejected. Of course, this becomes a problem if you want others to send mail on your behalf, such as when setting up a connector for the TeamDynamix application to send mail through. To allow TeamDynamix to send email using your domain, you would need to modify your SPF record so it has an include statement that imports the list of IP addresses that TeamDynamix systems may send mail from. Continuing from the previous example, adding an include statement would look something like one of the following examples.
United States:
domain: example.com
value: v=spf1 ip4:1.2.3.4 include:_spf-eus.teamdynamix.com -all
Canada:
domain: example.com
value: v=spf1 ip4:1.2.3.4 include:_spf-cac.teamdynamix.com -all
By inserting the include statement into your SPF record, TeamDynamix IP addresses will be authorized to send email for your domain. Keep in mind that the -all statement should always go at the end of the SPF record.
Caveats
Keep in mind that all of the normal SPF DNS record rules still apply. These include restrictions like:
- SPF records can only contain a max of 255 characters each
- You should not exceed 10 SPF records
If your current SPF records already are near their character limits, you may have to look into SPF record chaining to get the TeamDynamix records included.