Avatar of Kevin Caldwell
Kevin Caldwell
Flag for United States of America asked on

How to tell the internet than an IP is safe.

Hi Experts.
I am doing work for a manufacturer.  They have email that is hosted by the ISP, so it is not in house.
I have a legacy system (AS400/iseries) that is in-house that I am sending emails out to vendors for Purchase orders.  The system creates PDF's then creates the email and sends out.  So it does not go thru the regular email system.    
So, we have had some emails not get delivered and some bounce back.  I have gone thru the option to tell Office 365 to whitelist the ip address we are sending from.    
The question is, Can we tell the world that our IP is safe via DNS in some way?   Otherwise, we are going to have to send emails to companies that we get kickbacks from and request that they white list us.  Issue is small now, but I am getting ready to add customer service to emailing invoices, etc too and it is only going to get bigger.
Microsoft 365Email ServersIBM System i

Avatar of undefined
Last Comment
Kevin Caldwell

8/22/2022 - Mon
Dmitri Farafontov

Adding SPF records to your DNS would be a great start
https://en.wikipedia.org/wiki/Sender_Policy_Framework
Pawan Kumar

You can use HTTPS for your site. It is secure version of HTTP.

Read more details about this from Wiki-

https://en.wikipedia.org/wiki/HTTPS
Gary Patterson, CISSP

Some mail systems do a lookup on the IP address and see if it is associated with a DNS MX record associated with the domain.  Some use SPF, as noted above.  In both cases, they want to see that the IP address that is establishing an SMTP connection has something in DNS that they can use to verify that the IP is associated with the domain found in FROM addresses.

Best practice is to just forward all mail through the same mail server(s).  The rest of the business forwards mail through the ISP, so, if possible, it would be best to just configure the iSeries to just do the same thing.  Is there an in-house mail server (Exchange, for example), or does each user actually have a mailbox with the ISP?

(Mail isn't delivered over HTTPS, so HTTPS has nothing to do with this conversation.)
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
SOLUTION
Mal Osborne

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Theo Kouwenhoven

Use an existing Reply-To address on the companies mailserver, most of the time that will be enough
ASKER CERTIFIED SOLUTION
David Favor

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Kevin Caldwell

ASKER
I will work on the SPF creation and hopefully get it in place early next week.  
Kevin
David Favor

Be sure to user the DMarician tool to verify your SPF records.

I've been setting up mail systems since the mid 1990s + I still check every step of my work, as producing high deliverability email requires many steps + each must be 100% correct, or all subsequent steps make no difference.
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Kevin Caldwell

ASKER
Thanks so much for the recommendations.  I need to work on this and get it live.