Adding domains

To add domains to any policy (including the default policy), you must first set up a valid inbound connection on the Connections tab that will accept messages for the domain you plan to add. A valid inbound connection is one that accepts messages on port 25 for the domain. If it is behind the firewall, the firewall must allow email traffic from the IP address ranges listed on the DNS records and service IP addresses page. The connection is checked as part of the validation.

To add a domain or sub-domains to the policy:

Steps

  1. Click Add on the Domains tab.
  2. Enter the domain name in the Domain field.
  3. To apply the policy to all sub-domains in the current domain, select Include sub- domains.
  4. Select Outbound only configuration to process only outbound messages for the registered Outbound only domains, inbound email processing is not applied to these domains.
  5. Click Submit.

    At this stage Forcepoint Email Security Cloud checks for a valid inbound connection for this domain and displays the result on the Add Domain screen. If it cannot find or validate a connection, an error message appears.

    Important:

    The inbound connection checking does not guarantee the correct delivery of email messages. It is strongly recommended that you run your own testing on the inbound connection that you have specified.

    Outbound only domains do not require route connectivity tests.

    The Add Domain screen also displays the following options for you to verify ownership of the domain you have entered. The ownership check initially displays as Failed, because it cannot succeed until you have done one of the following:

    • Create a CNAME record in your DNS that aliases the character string shown on the screen to autodomain.mailcontrol.com. For more information, see CNAME records and A records.
    • Create an A record for the character string shown on the screen, pointing to the IP address of autodomain.mailcontrol.com. For more information, see CNAME records and A records.
    • Add your customer-specific DNS records into your MX records in your DNS. For more information about adding and editing MX records, see MX records.

    Once you have made one of the above changes, click Check Now.

    Important:

    If you choose to use MX record verification, the service will accept email messages for this domain as soon as the MX records are set up.

    MX record checking is not available for outbound only domains.

    If you return to the list of domains on the Domains tab before the required record has been added or successfully propagated, the details you entered appear in the domain list with the status Unchecked. Once you have created the required records, click the domain name to view the details, and then click Check Now again to retry the validation.

    Important: Do not configure domains until you are ready to verify ownership, because all domains are marked Rejected after 7 days if ownership verification has not been completed. You must then call Support to edit or re-enable the domain.