000033879 - Notifications are delayed or not received from an RSA Archer Hosted or Software as a Service (SaaS) environment, but the Notifications Sent report shows email was sent.

Document created by RSA Customer Support Employee on Aug 29, 2016Last modified by RSA Customer Support on May 11, 2020
Version 5Show Document
  • View in full screen mode

Article Content

Article Number000033879
Applies ToRSA Product Set: Archer
RSA Version/Condition: All
Platform: Hosted and Software as a Service (SaaS) environments
IssueRSA Archer Notifications are delayed or not received from a Hosted or Software as a Service (SaaS) environment, but the Notifications Sent report shows email was sent successfully.
CauseThe preferred FROM address for Notifications is not set to noreply@archer.rsa.com.

The customer's email system is not monitoring the correct MX record or needs to whitelist SaaS mail relays.
ResolutionThe SaaS Operations Team recommends customers set the From address to noreply@archer.rsa.com (the preferred address).  

If customers want to send from addresses other than noreply@archer.rsa.com, they can request their Email Team monitor the SPF DNS record for archer.rsa.com. It will always have the IPs that Archer may send mail from.

One way to get that is by using the nslookup command-line utility:

nslookup
set type=txt
archer.rsa.com


The nslookup returns the following. The mx means the MX host(s) for the archer.rsa.com zone and ip4 entries of 8.20.181.47, 62.190.59.200, 46.34.69.10 and 209.208.146.47.

"v=spf1 mx ip4:8.20.181.47 ip4:62.190.59.200 ip4:46.34.69.10 ip4:209.208.146.47 ~all"


User-added image




Open a new command-line window and run the following commands:

nslookup
set type=mx
archer.rsa.com



The nslookup returns the following. The important information from the results is that the MX record is 8.18.102.11.

mailrelay01.archer.rsa.com      internet address = 8.18.102.11



User-added image


Therefore, based on the information above, Archer may send email from:
  • 8.18.102.11
  • 8.20.181.47
  • 62.190.59.200
  • 46.34.69.10
  • 209.208.146.47
NOTE: The IP list can, has, and will change over time…so trying to a static list of IPs is not recommended.
Notes
Regarding DMARC/DKIM email spoof filtering, these same settings and values can be used in the creation of an exception to allow email messages from the RSA Archer Hosted/SaaS environments.  Without an exception, any email messages or notifications generated by the RSA Archer Hosted/SaaS environments will not be received or allowed by your organization once DMARC/DKIM validation is enabled.

Attachments

    Outcomes