This article explains what is accomplished by adding domains to Essentials, considerations for adding domains, domain criteria and the impact of domains on the Outbound Relaying feature.
What is a domain name?
A domain name is a unique identifier for an organization. A company can have multiple domain names.
A domain allows an organization to be identified on the internet, and users within the domain can receive email.
What adding domains accomplishes
Adding domains to Proofpoint Essentials accomplishes the following:
- Allows Proofpoint Essentials to accept mail traffic for the domain.
- Associates the domain with a destination configuration that holds delivery information for your mail server and any failover sites that are enabled.
- Sets a default domain for new users.
Some virus and spam senders specifically target mail servers by using low-priority DNS MX records or by looking up a server directly using a common naming convention like mail.mydomain.com. To prevent malicious senders from bypassing the message filtering service, we highly recommend that you add all of your domains to the service, and then configure your email servers to accept mail only from Proofpoint Essentials data centers. In addition, only Proofpoint Essentials MX records should be public.
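The check below is an added example, not Proofpoint's own code. It audits a domain's published MX records for hosts outside the filtering service and tests whether an inbound SMTP source address belongs to the service. The MX suffix and IP ranges are placeholder assumptions and the zone lines are constructed sample data; substitute the values published for your Proofpoint Essentials environment.

```python
import ipaddress

# Assumptions (not from the page): placeholder MX suffix and documentation
# IP ranges standing in for the filtering service's real values.
SERVICE_MX_SUFFIX = ".filter.example.net"
SERVICE_NETWORKS = [ipaddress.ip_network(n)
                    for n in ("192.0.2.0/24", "2001:db8:100::/48")]

# Constructed sample zone data for illustration only.
SAMPLE_ZONE = """
mydomain.com. 3600 IN MX 10 mx1.filter.example.net.
mydomain.com. 3600 IN MX 20 mx2.filter.example.net.
mydomain.com. 3600 IN MX 90 mail.mydomain.com.  ; legacy low-priority record
"""

def parse_mx(zone_text):
    """Parse 'owner TTL IN MX pref host' lines into (owner, pref, host)."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop zone-file comments
        if "MX" not in fields:
            continue
        i = fields.index("MX")
        if len(fields) < i + 3:
            continue  # malformed record, skip
        owner = fields[0].rstrip(".").lower()
        host = fields[i + 2].rstrip(".").lower()
        records.append((owner, int(fields[i + 1]), host))
    return records

def bypass_mx(records):
    """MX records that deliver somewhere other than the filtering service."""
    return [r for r in records if not r[2].endswith(SERVICE_MX_SUFFIX)]

def is_allowed_source(ip):
    """True if an inbound SMTP peer address is inside the service's ranges."""
    addr = ipaddress.ip_address(ip)
    # Normalize IPv4-mapped IPv6 peers (::ffff:a.b.c.d) before matching.
    if addr.version == 6 and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    return any(addr in net for net in SERVICE_NETWORKS)

if __name__ == "__main__":
    for owner, pref, host in bypass_mx(parse_mx(SAMPLE_ZONE)):
        print(f"{owner}: MX {pref} {host} is public and bypasses filtering")
    for peer in ("192.0.2.25", "203.0.113.7"):
        print(peer, "accept" if is_allowed_source(peer) else "reject")
```

Any record reported by `bypass_mx` should be removed from public DNS, and the mail server's own allowlist should apply the same decision as `is_allowed_source`.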
Keep in Mind
When adding domains to Essentials, keep the following in mind:
- Domains should only have failover destination sites defined if the failover site is available at all times.
- An administrator must be authorized to manage the users and domain for a company.
- A domain and its users must be within the same company.
- You cannot add a domain that is already associated with another company in any Proofpoint Essentials environment.
- MX records should not be changed until after domains are added to Essentials.
A domain needs its ownership verified to ensure it is intended for relaying email. This process needs to be done only once, and can be done either by adding a DNS record to the domain's configuration or by adding a custom META tag to the homepage associated with the domain. In addition, DKIM records are now highly recommended to increase security.
Outbound Relaying feature (optional)
When the optional Outbound Relaying feature is enabled, Proofpoint Essentials processes messages sent from any of the following:
- a preregistered static IP address (“sending server”)
- a registered domain corresponding to the preregistered static IP address
- a registered user's email address (unless SMTP Discovery is enabled)
- As mentioned, DKIM can be set up and is recommended.
- SPF records should be added as well.
- SMTP Authentication can also be used in place of an IP.
For environments using Google Apps or Office 365 services, outbound relaying is handled through the Managed Hosted Services feature, which automatically populates and manages IP addresses for those services. Service provider updates are checked daily.
Can Proofpoint Essentials be used to forward email for non-registered domains?
Proofpoint Essentials only processes email for domains and static IPs registered in our user interface. This safeguards against the security threat of being used as an open relay.
As such, auto-forwarded email should be relayed using DNS only and cannot be sent via the Proofpoint Essentials smart host.