What are Internal Senders?

If your organization uses its own servers to send email, you will need to think about Internal Senders. 


Most of the time, modern organizations use commercial senders such as Mailchimp or Sendgrid to send email for them. You will have seen this type of sender in Authenticate and should have learned how to approve them and get them authenticating email correctly.


Internal Senders (aka your mail servers, on IPs that are yours) are handled in much the same way.


An Internal Sender is identified simply by its IP address range (also known as a netblock), which may be a single IP address or a whole range of them. In the app, you can also give the sender a name. You'll see this sender alongside your other senders in the approved tab (unless you specifically Deny it).




Using Internal Senders


How to Add an Internal Sender


There are two ways to create an Internal Sender.


  1. You can make one directly from the domain dashboard page by clicking "Add Sender" and then selecting "Internal Sender"
  2. You can also make one from an Unidentified Sender screen, essentially fishing out a good sender from the sea of bad ones. Read more about how to do this here.


This form can be easy to complete, but also gives you additional control if you need it.


By default, your server will be given SPF support on your root domain. If you need to, you can write in a specific subdomain in the 'Domain' field, if the server uses a specific subdomain. If you aren't sure, leave the default value and you can redo this process later.


Use 'Name' to give yourself a helpful shorthand for the server. Any name, such as 'On-prem 2', can be helpful to keep your work organized. It's ok if you don't use a name here.


Finally, the Netblock IP Address Range will default to the specific IP address of the unidentified sender you were viewing before. If you want to, you can expand this using CIDR notationand thereby cover multiple unidentified senders at once. This part is mandatory and you've got to be sure of what you are doing.





Details About an Internal Sender


Click on your sender from the dashboard to see a detail page all about its authentication.





At the top of the screen you can see the name, IP range (netblock), PTR record, and domain it sends from. You can also see the Approval control if you ever need to Deny this sender, even temporarily.


In the middle of the page is the Configuration section where you can see if Authenticate is supporting the sender for SPF. You will also see if there are any important SPF issues here. Usually servers that someone has set up for their own organization have few problems here, once they are up and running.


In some cases, your server might also sign with a DKIM key. If this is the case, be sure to add the key in the interface with "Add DKIM Key".


The bottom of the page shows reporting, where you can see how well your server is doing authenticating on DMARC. Learn more about this reporting here.