EBS: When Using the "Custom From Email" Feature, Emails From Everbridge Suite May Be Flagged as Security Risks for Organizations on "manager.everbridge.net"

Problem

Your email server is flagging emails sent from "manager.everbridge.net" as security risks.

Root Cause

For emails sent from Everbridge Suite, Everbridge adds a DKIM signature based on its own domain. For example, this is what DKIM signature in the email header looks like:

For Organizations on "manager.everbridge.net" (NOT "manager.everbridge.eu") that have the premium Custom From Email feature enabled, the domain "everbridge.net" in the DKIM signature does not match the custom domain in the "Return-Path" (also known as "envelope FROM"), which causes DMARC misalignment. The text "dmarc=fail" in the email header indicates DMARC misalignment.

For instructions on opening the email header in Microsoft Outlook (where these metadata can be found), please see the GIF at the bottom of this article.

Workaround

This misalignment may require special handling by the receiving email servers if those servers validate DMARC. Everbridge is aware of this misalignment and is exploring options to address it in the future.

See EBS: Everbridge Permit Listing Best Practices for more information on how to improve email security by permit-listing Everbridge domains.

Key Terms

DKIM: DomainKeys Identified Mail (a method of validating the identity of email senders to avoid spoofing)

DKIM signature: A block of text in the header of an email that, when decrypted, validates the identity of the sender of the email

DKIM certificate: A public-private key pair, the private key of which is used to generate the encrypted DKIM signature and the public key to decrypt the DKIM signature

DMARC: Domain-based Message Authentication, Reporting, and Conformance (another layer of security on top of DKIM)

Email Header: In addition to the commonly known fields of an email message, such as the "From", "Subject", and message body fields, all emails also contain a number of fields which are not typically shown by default by most email clients. However, all email clients do provide the ability to view an email's fields in their entirety. Depending on the email client, this may be referred to as "Internet Headers" (MS Outlook), "Raw message" (Yahoo Mail), "Original message" (Gmail), and so forth.

This GIF demonstrates how to locate an email header in MS Outlook, which contains the email's DKIM signature and DMARC validation status. This will vary by email provider.

Was this article helpful?
0 out of 0 found this helpful

Article Feedback


While we can’t respond to you directly, we’d love to know how we can improve the article.

Please sign in to leave a comment.