Now, assuming email settings are correct in a customer’s MIDAS system, then the most likely cause is a missing or incorrect SPF record for their organization’s own domain.
What is SPF?
SPF stands for “Sender Policy Framework”. Its purpose is to prevent unauthorized sending of email purporting to be from someone within your organization.
It’s function is best explained with an example…
Let’s assume that your cloud-hosted MIDAS system resides at “demo.mid.as”, and your own organization’s own domain is “example.com”.
You may wish your MIDAS system to be able to send emails appearing from “[email protected]” even when your booking system is hosted at another domain (i.e. demo.mid.as).
However, if an SPF record has not been correctly configured on your “example.com” domain to authorize “demo.mid.as” to send email on behalf of your organization’s own domain, emails sent from your MIDAS system will likely not arrive.
In a previous article we explain the importance of SPF in more detail. That article also covers how to correctly set an SPF record for MIDAS email delivery.
Anyway, back to email settings in MIDAS itself. Email settings may be configured via MIDAS Admin Options → Manage MIDAS → Email.
Email settings and SMTP Test button in MIDAS.
When choosing to have outgoing email sent via your organization’s own SMTP (mail) server, an “SMTP Test” button is shown. This allows you to send a test email to yourself using the SMTP settings you’ve entered.
SPF Record Check
Starting with MIDAS v4.28, we’ve added an SPF record check into this SMTP test for cloud hosted customers.
This will attempt to retrieve the SPF record for your domain. You’ll see a warning if the SPF record not been correctly configured to authorize your MIDAS system to send email on behalf of your organization.
We hope this check will assist our cloud-hosted customers in setting up an SPF record for their domain to ensure maximum email deliverability.
In this blog post, we’ll take a look at SPF and why its important in ensuring email from your MIDAS room booking system is reliably delivered.
SPF stands for “Sender Policy Framework” and its purpose is to prevent unauthorized people from forging your e-mail address and pretending to be you. SPF has been around for a number of years now, but in recent times has been growing in popularity as more and more websites and email providers start enforcing it.
As our MIDAS web based room booking systems are capable of sending email on your behalf, it’s important to understand how SPF works and how it can help solve email delivery issues in MIDAS.
Take for instance the following example Scenario:
Your MIDAS system is running on domain “A” (i.e. your-organization.mid.as)
Your MIDAS system is configured to send emails to appear as though they are sent from an email address belonging to domain “B” (i.e. your-organization.com)
An email is sent from your MIDAS system to a recipient with an email address on domain C
In the above example, the receiving mail server for domain C queries the SPF record on domain B to check whether domain A is authorized to send mail on behalf of domain B. If it isn’t the email is rejected.
An SPF record is simply a TXT record in a given domain’s DNS, and a simple example may look similar to this:
v=spf1 +a +mx ~all
The format of an SPF record begins with a version number; the current SPF version is “v = spf1”. Following the version string, any number of expressions may be included which are evaluated in the order they appear. These consist of an optional “qualifier” (+, -, ~, or ?) and a “mechanism” (all, a, mx, ip4, or include). The first mechanism that is matched in the SPF record determines the result of the entire valuation of the SPF record.
Qualifiers:
Qualifier
Result
Description
+
Pass
Defines an authorized sender (If no qualifier is specified, + is assumed)
–
Fail
Defines an unauthorized sender
~
SoftFail
Defines an unauthorized sender (however it may not notify the sender that their email failed)
?
Neutral
Defines a sender whose legitimacy isn’t determined (In such instances, sending is allowed)
Mechanisms:
Mechanism
Applies if…
all
always
a
An A (or AAAA) record of the polled (or explicitly specified) domain contains the IP address of the sender
mx
An A (or AAAA) record of the polled (or explicitly specified) domain contains the IP address of the sender
ip4
The specified IPv4 address is the IP address of the sender or of the specified IPv4 subnet which contains it
include
An additional SPF request for the domain specified in the include statement contains the IP address of the sender
SPF records cannot be over 255 characters in length and cannot include more than ten “include” statements.
Email delivery will be allowed if it originated from the same domain it was sent (+a).
Email delivery will also be allowed if it originated from the specific IP address 1.2.3.4
Email delivery will be rejected if it originated from the IP address 5.6.7.8.
Email delivery will be allowed if it matches the rules defined in the SPF record on “somedomain.com”
All other email sources will be softly rejected (~all)
Bringing it back to MIDAS…
If you run a cloud-hosted MIDAS system at the domain “your-organization.mid.as”, your organization’s own website is “your-organization.com”, and you wish to allow your MIDAS system to send email on behalf of addresses @your-organization.com, then you should setup/modify an SPF record on your-organization.com.
This SPF record would authorize your hosted MIDAS system to send email on behalf of your organization. Failing to correctly set an SPF record for your domain may mean that emails sent from your MIDAS system may not reach recipients.
For our hosted customers, you can simply include “include:_spf.midas.network” in your-organization.com’s SPF record. Your new/modified SPF record may then look similar to this:
v=spf1 +a +mx include:_spf.midas.network ~all
In the above example:
Email delivery will be allowed if it originated from the same domain it was sent (+a).
Email delivery will be allowed if it originated from the same mail server as it was sent (+mx)
Email delivery will be allowed if it matches the rules defined in the SPF record on “_spf.midas.network”. This will allow your hosted MIDAS system to become an authorized sender of email for your domain.
All other email sources will be softly rejected (~all)
Remember, SPF records are simply TXT records within your domain’s DNS. If you’re not sure how to set/modify DNS records for your own domain, you’ll need to defer to the domain’s administrator, registrar, or hosting provider who should be able to assist in making the necessary adjustments to your domain’s DNS record
