MIDAS Knowledge Base MIDAS Knowledge Base

Why do outgoing emails contain a warning they may be "spoofed"?

If emails sent from your MIDAS room booking system include a warning about them being "spoofed" or that "This sender failed our fraud detection checks and may not be who they appear to be" when they are received, this indicates that the domain relating to the email address the message was purportedly sent "from" isn't currently configured to authorize emails to be sent on its behalf from external/3rd party sources (i.e. the physical server where your MIDAS system resides).

Take for instance the following example Scenario:

  • Your MIDAS system is running on domain "A".
  • Your MIDAS system is configured to send emails to appear as though they are sent from an email address belonging to domain "B" (i.e. your own organization's domain)
  • An email is sent from your MIDAS system to a recipient with an email address on domain C
In the above example, the receiving mail server for domain C queries the SPF record on domain B to check whether domain A is authorized to send mail on behalf of domain B. If it isn't the email is rejected.

This can be resolved in a number of ways, depending upon the level of administrative access you have to "domain B" (your own domain):

If you are the domain's administrator:

If you own/administer "domain B" (For example, you've configured your MIDAS to send email from "[email protected]" and you also administer the root "yourdomain.com" domain), then you can add domain A (where your MIDAS system resides) to domain B's (your organization's own domain) SPF record, so that domain A is authorized to send email on domain B's behalf.

If your MIDAS system is cloud-hosted by us (i.e. domain A), you can create/modify domain B's SPF record to simply include "include:_spf.midas.network". For example, domain B's modified SPF record may then look like this:

v=spf1 +a +mx include:_spf.midas.network ~all

If your MIDAS system is hosted elsewhere, you can create/modify domain B's SPF record to include the IP address and/or the domain where your MIDAS system resides, for example:

v=spf1 ip4:x.x.x.x a:your_midas_domain ~all

SPF entries are TXT records within your domain's DNS. If you're not sure how to set/modify DNS records for your domain (i.e. domain B), you'll need to defer to your domain's administrator, registrar, or hosting provider who should be able to make the necessary adjustments to your DNS record.

If you are not the domain's administrator:

If you don't own/administer "domain B" in the original scenario, then you have two options:

1) Configure your MIDAS email settings to send email directly via your domain's own SMTP servers. You can configure these settings via MIDAS Admin Options → Manage MIDAS → Email. Once correctly configured, all subsequent email sent from your MIDAS system will instead be relayed through your organization's own SMTP servers rather than be sent directly from the server where your MIDAS resides, or another SMTP server. This will mean that there won't be a mismatch between the "virtual" email address(s) you're sending from and actual mail server they're being sent from.

Alternatively;

2) Change the email address(s) from which outgoing emails are being purportedly sent from in your MIDAS system. For example, if you're attempting to send emails purportedly to be from "domainX", and "domainX" itself prohibits sending of email from @domainX addresses from non-domainX servers, change the email address in MIDAS to instead be for a domain which will allow sending of email from external servers.


You might also be interested in...


MIDAS » KB » Support » Article 00171

← Return to the Knowledge Base