If you use email notifications with response links to notify users, it's possible that malware protection (antivirus) software can affect response processing by xMatters.
This is because some malware protection software, such as Proofpoint, scans incoming email and automatically follows links found in the email content (and sometimes even overwrites the links). So, by the time a user clicks on their response choice from the email notification, the actual URL of that response may have been invoked several times.
What can you do?
- In the Exchange Admin center, go to Mail flow > Rules.
- Create a rule named "Bypass xMatters ATP Links".
- Apply this rule to "Senders IP address is in the range":
167.89.94.254 168.245.127.202 159.135.227.3 159.135.227.4 159.135.227.7
- Leave the following set message header 'X-MS-Exchange-Organization-SkipSafeLinksProcessing' with a value of 1.
- Select a low severity level to audit this rule.
- Click Save.
Verify that your email authentication settings (such as SPF and DKIM) are correctly configured for your xMatters sending domains so security systems can reliably identify and trust xMatters messages.
Where appropriate, consider using alternative response channels (such as the xMatters mobile app, SMS responses, or the web user interface inbox) for critical workflows that are especially sensitive to false or duplicate email responses.
Alternatively, consult with your malware protection software vendor about how to configure your settings to avoid incorrect responses to xMatters notifications.
xMatters reference
DTN-4735 Originally by Denis Sodol
Comments
1 commentPlease sign in to leave a comment.
Are the IP address mentioned in "Step 3" the actual IP addresses that we need to whitelist? Or are those just an example?