SPF-Record

SPF-Record

About

When e-Mails with customers email-addresses are sent out of the eRecruiter via the eR-mailserver or in other words: the eRecruiter uses the eR-mailserver but the customers' e-mail-adresses, this divergence can cause problems with some recipients, because mails sent from another IP-Adress than the mailserver of our customers are often labelled as SPAM.
To avoid this occurance a SPF-Record has to be set on customers-side, which officially allows our mailserver to send mails with our customers e-mail-adresses (see below howto)

When e-Mails are sent via the customers mailserver, no SPF-Record has to be set for er-mail.erecruiter.net!
OnPremise-customers (Kaufkunden) always use their own mail-servers, therefore their IT-departments has to take care of the settings.

What to do

Check in the eR which mailserver is used:
1) goto Administration -> Miscellaneous: Mandatorsettings -> Section: SMTP & EMail-Settings -> if SMTP-Host is left empty then the eR-mailserver is used if additionally
2) in Administration (system-wide) -> Current static settings -> SmtpHost is set to 'epunkt-smtp...' or 'er-mail...'

Check the email-domain You want to sent emails from:
The email-domain is the part of the email-address behind the '@' Symbol. e.g. the email-address testname@testmail.com should be used -> the email-domain would be: 'testmail.com'. For this email-domain set the eR-SPF-Record.

A SPF-Record has to be set as a DNS-entry on the customers side. The entry holds all necessary information, so that the recipients mailserver can check if sending mails in the name of our customers is allowed. If the result is positive, mails will not be identified as SPAM. For maximum compatibility it is recommanded to set a SPF and a TXT entry, which have to look like our example:

example.com. IN TXT "v=spf1 a:er-mail.erecruiter.net ~all"
example.com. IN SPF "v=spf1 a:er-mail.erecruiter.net ~all"

Important: The eR SPF-Record has to be an 'a:' entry in your DNS settings, not an 'include'

Please CHECK Your SPF-Records

After setting the SPF-Record in your DNS please run a check on your SPF-Record. There are several tools available on the internet, e.g. mxtoolbox.com (free use).
Enter the email-domain from which emails should be send via the eR-mail-server, choose 'SPF Record Lookup' from the dropdown and click on the orange field.
The tool shows all informations about your SPF-Records.
What to check:
  1. Make sure you are checking the right email-domain you want to use!
  2. The SPF-Record-bar must be coloured green. If it is red, then there is an error in one of the settings, thus making the whole SPF-Record invalid or at least unreliable. Information below that bar gives hints on what is wrong (e.g. 'Too many lookups' etc.) In that case, correct your SPF-Record.
  3. In the SPF-Record-bar the record 'a:er-mail.erecruiter.net' must be visible, otherwise there is no valid SPF-Record set for sending via the eR-mail-server from customers addresses.

How to check with mxtoolbox:

eR-SPF-Record is set, other SPF-Records are correct


eR-SPF-Record is set, other SPF-Records have an error


more info about the error (e.g.):





    • Related Articles

    • Maintenance / Monitoring

      After the successful installation the following topic should be considered in order to setup a monitored and maintained system: Backup / Restore Directory Structure DNS Double-Opt-In Google Tag Manager Monitoring Security Recommendations SMTP ...
    • DNS

      To use your own domain for the API, the eRecruiter, the Customer Portal and/or the Applicant Portal for each application a CNAME record must set. According to the following examples the contents in the arrow brackets must be replaced with your ...
    • DKIM

      DKIM (DomainKeys Identified Mail) ist ein Authentifizierungsprotokoll für E-Mails. Für das Versenden & Empfangen von E-Mails ist DKIM mittlerweile ein Sicherheitsstandard (wie auch SPF), der garantiert, dass die E-Mail tatsächlich vom Absender ...
    • API - Company Import / Synchronize

      The XML company import is available through an endpoint on the eRecruiter API, if you have the "Companies" access level granted for your API key. General data structure One account has many locations. One location can have none, one or more contacts. ...