Setup FBO One as a valid email sender for your domain Setup (using SPF and whitelisting)

FBO One sends email messages on behalf of the FBO. Examples of these messages are Handling confirmationssupply orders, invoices, movement messagesnew contact emails and backup documents

To prevent that the receiving mail server marks the messages sent by FBO One as spam, you need to mark the Amsterdam Software mail server as a valid mail server for your domain. To do this you have to enter a 'SPF' record in your DNS configuration.

Sender Policy Framework (SPF) is a simple email-validation system designed to detect email spoofing by providing a mechanism to allow receiving mail exchangers to check that incoming mail from a domain comes from a host authorized by that domain's administrators.

How to check if SPF has been set up in your domain

Go to the page MENU | Administration | Check DNS email records. This page lists all sender-domains in use. SPF is set up correctly if the line that starts with "v=spf1" has the status Success.

To manually do this check, run a windows command prompt, as shown below:

Above, we entered the following commands:

nslookup			# this starts the nslookup program
set type=TXT		# this will show all the text entries
<domain name>       # In this example: jetcenter.nl. Replace with your own actual domain name. This will lookup the entries for the domain specified
quit				# quit nslookup

In the response, the v=spf1 records shows that _spf.fboone.aero is indeed included.

jetcenter.nl    text =
        "v=spf1  mx  a:mail.jetcenter.nl include:_spf.fboone.aero  ~all"

Adding the FBO One servers to an existing SPF record 

If you already have an SPF record in your domain, you only have to add the following in that record:

include:_spf.fboone.aero

Only one SPF record is allowed. If you already have an existing SPF record, simply amend with additional "includes", do not create extra records. 

Correct / one record:
"v=spf1 include:spf.protection.outlook.com include:_netblocks.mimecast.com include:_spf.fboone.aero ~all"


Incorrect / two or more records:
"v=spf1 include:spf.protection.outlook.com include:_netblocks.mimecast.com ~all"
"v=spf1 include:_spf.fboone.aero ~all"

Creating a new SPF record

If you have to create a new SPF record, it should be formatted as below. Replace the value a:mail.isp.com  with your actual mail server(s).

yourdomain.  IN  TXT  "v=spf1  mx  a:mail.isp.com  include:_spf.fboone.aero  ~all"

In this record each part has the following meaning:

for example yourdomain: thejetcenter.com.
Your domain name, usually in DNS configuration with a trailing dot.

IN
As in every DNS record indicates this is an INternet record.

TXT
The record type, in this case TXT. When SPF was designed there was no specific SPF record type, so TXT was used.

mx
This will allow mail from every server that is mentioned in the MX records for your domain. If the same mailservers that handle inbound mail also handle outbould, you'll want this in the SPF record. By specifying another domain after : you could even include the MX records of another domain.

a:mail.isp.com
Using an 'a' (for an DNS A-record lookup) you can allow mail from any other server name you want. If you have different outbound mailservers, or other machines that can send mail from your domain, this is the way to do it. There are also ways to allow an IPv4 network range for example. When your inbound (mx) mailservers are sending the mail as well, and you don't use any external mailservices or have any other mail-sending servers, you may not need this part at all.

include:_spf.fboone.aero
This will include the servers of Amsterdam Software that can send mail on behalf of FBO One, so this is the important part. If you already have an SPF record, this is the (only) part you should add.

~all
This part declares mail from the mentioned servers is all that should be accepted as originating from  your domain. Thats why you should very carefully insert all your current mailservers in the SPF record.

Whitelist the FBO One email servers in your corporate email server

It may happen that your corporate email server rejects messages sent by FBO One as an additional anti-spoofing measure on top of the SPF mechanism. If this is the case, all your clients will properly receive messages sent by FBO One, but you can't receive messages in your in-house mail box. This happens if the mail server is configured to reject inbound messages from email servers sent from addresses that have the same domain name as the corporate email server uses. To solve this issue, the administrator of the email server needs to white-list the the mail servers used by FBO One. This is the list of servers to be white listed:

cbvpn1.fbo1.io 
cbvpn2.fbo1.io 
mail.dvxp.com
smtp2.dvxp.com
azuresw1.eastus2.cloudapp.azure.com


See also

Setting up FBO One for sending email in your name

http://en.wikipedia.org/wiki/Sender_Policy_Framework