|Applies To||RSA Product Set: Archer|
RSA Version/Condition: All
Platform: Hosted and Software as a Service (SaaS) environments
|Issue||RSA Archer Notifications are delayed or not received from a Hosted or Software as a Service (SaaS) environment, but the Notifications Sent report shows email was sent successfully.|
|Cause||The preferred FROM address for Notifications is not set to email@example.com.|
The customer's email system is not monitoring the correct MX record or needs to whitelist SaaS mail relays.
|Resolution||The SaaS Operations Team recommends customers set the From address to firstname.lastname@example.org (the preferred address). |
If customers want to send from addresses other than email@example.com, they can request their Email Team monitor the SPF DNS record for archer.rsa.com. It will always have the IPs that Archer may send mail from.
One way to get that is by using the nslookup command-line utility:
The nslookup returns the following. The mx means the MX host(s) for the archer.rsa.com zone and ip4 entries of 184.108.40.206, 220.127.116.11, 18.104.22.168 and 22.214.171.124.
Open a new command-line window and run the following commands:
The nslookup returns the following. The important information from the results is that the MX record is 126.96.36.199.
Therefore, based on the information above, Archer may send email from:
Regarding DMARC/DKIM email spoof filtering, these same settings and values can be used in the creation of an exception to allow email messages from the RSA Archer Hosted/SaaS environments. Without an exception, any email messages or notifications generated by the RSA Archer Hosted/SaaS environments will not be received or allowed by your organization once DMARC/DKIM validation is enabled.