Problem
Your email server is flagging emails sent from manager.everbridge.net as security risks.
Root Cause
For emails sent from Everbridge Suite, Everbridge adds a DKIM signature based on its own domain. For example, this is what the DKIM signature in the email header looks like:
For Organizations on manager.everbridge.net (NOT manager.everbridge.eu) that have the premium Custom From Email feature enabled, the domain everbridge.net in the DKIM signature does not match the custom domain in the Return-Path (also known as "envelope FROM"), which causes DMARC misalignment. The text dmarc=fail in the email header indicates this DMARC misalignment.
When DMARC misalignment occurs and the recipient organization's DMARC policy is configured with a strict action (for example, p=reject), the receiving email system may:
Reject or drop the message outright (no delivery to the inbox)
Apply prominent security warnings to the message
For instructions on opening the email header in Microsoft Outlook (where SPF, DKIM, and DMARC metadata can be found), please see the GIF at the bottom of this article.
Workaround
This misalignment may require special handling by the receiving email servers if those servers validate DMARC. Everbridge is aware of this misalignment and is exploring options to address it in the future.
See EBS: Everbridge Permit Listing Best Practices for more information on how to improve email security by permit-listing Everbridge domains.
After any changes are made, you can confirm successful authentication for a Custom From Email configuration by checking the email headers of a test message and verifying results such as:
spf=pass for the sender/subdomain
dkim=pass with a DKIM header.d that matches your configured subdomain
dmarc=pass or another DMARC result that allows delivery (for example, a reporting-only policy)
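The header check described above can be scripted. The following is an added example, not Everbridge code: it parses the Authentication-Results header of a saved test message and reports which of the three results is missing or misaligned. The sample message, its hostnames, the selector and the function names are constructed for illustration, and the alignment test is a simplification of DMARC's relaxed mode.

```python
import re
from email import message_from_string

# Constructed sample: hostnames, selector and domains are placeholders.
SAMPLE = """\
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=alerts.customer.example;
 dkim=pass header.d=everbridge.net header.s=selector1;
 dmarc=fail (p=reject) header.from=alerts.customer.example
From: Alerts <notify@alerts.customer.example>
Subject: Test notification
"""

def parse_auth_results(raw_message):
    """Map each method (spf/dkim/dmarc) to a list of result dicts."""
    results = {}
    msg = message_from_string(raw_message)
    # Only trust headers stamped by your own receiving server; senders can forge others.
    for header in msg.get_all("Authentication-Results", []):
        flat = re.sub(r"\([^)]*\)", "", header)       # drop (comments)
        flat = re.sub(r"\s+", " ", flat)              # unfold continuation lines
        for clause in flat.split(";")[1:]:            # clause 0 is the authserv-id
            m = re.match(r"\s*(spf|dkim|dmarc)=(\w+)(.*)", clause)
            if m:
                props = dict(re.findall(r"([\w.]+)=(\S+)", m.group(3)))
                results.setdefault(m.group(1), []).append({"result": m.group(2).lower(), **props})
    return results

def related(a, b):
    """Simplified relaxed alignment: equal, or one is a subdomain of the other.
    Real DMARC compares organizational domains using the Public Suffix List."""
    a, b = a.lower(), b.lower()
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def check(raw_message):
    """Return a list of findings; an empty list means all three checks look good."""
    res, findings = parse_auth_results(raw_message), []
    passed = lambda method: [r for r in res.get(method, []) if r["result"] == "pass"]
    from_domain = next((r["header.from"] for r in res.get("dmarc", []) if "header.from" in r), None)
    if not passed("spf"):
        findings.append("spf: no pass result")
    dkim_domains = [r.get("header.d", "") for r in passed("dkim")]
    if not dkim_domains:
        findings.append("dkim: no passing signature")
    elif from_domain and not any(related(d, from_domain) for d in dkim_domains):
        findings.append(f"dkim: header.d {dkim_domains} not aligned with {from_domain}")
    if not passed("dmarc"):
        findings.append("dmarc: no pass result")
    return findings
```

Calling check(SAMPLE) on the constructed message returns the DKIM alignment finding and the DMARC finding, which is the pattern described under Root Cause.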
Key Terms
DKIM: DomainKeys Identified Mail (a method of email authentication that helps verify the identity of email senders to avoid spoofing and proves that an email message was not altered in transit).
DKIM signature: A block of text in the header of an email that, when decrypted, validates the identity of the sender of the email.
DKIM certificate: A public-private key pair, the private key of which is used to generate the encrypted DKIM signature and the public key to decrypt the DKIM signature.
DMARC: Domain-based Message Authentication, Reporting, and Conformance (another layer of security on top of DKIM that helps prevent email spoofing and improves email deliverability).
SPF: Sender Policy Framework (an email authentication method that specifies which mail servers are authorized to send email on behalf of your domain).
Email Header: In addition to the commonly known fields of an email message, such as the "From", "Subject", and message body fields, all emails also contain a number of fields which are not typically shown by default by most email clients. However, all email clients do provide the ability to view an email's fields in their entirety. Depending on the email client, this may be referred to as "Internet Headers" (MS Outlook), "Raw message" (Yahoo Mail), "Original message" (Gmail), and so forth.
This GIF demonstrates how to locate an email header in MS Outlook, which contains the email's DKIM signature and DMARC validation status. This will vary by email provider.