N-able Mail Assure: February Features and Updates Release

This month, as well as the usual bundle of bug fixes and minor improvements, we’ve created regional SPF hostnames to show where the messages will come from and we’ve added the possibility to block the potential unwanted attachments separately for delivery and submission flows.

Region-specific SPF Hostnames

Some partners have indicated that they would prefer to have fewer servers authorised to deliver their email via Mail Assure, to reduce their security surface. Including many servers is necessary in order to ensure reliable delivery, but it is possible to decrease the number of IPs based on the region selected for the domain. To support this, we have created hostnames that can be used for SPF records that only include the IPs used to deliver email from domains that are set to use that region in Mail Assure.

We strongly recommend using the global SPF hostname unless absolutely necessary. It is also critical that you exactly match the region selected for the domain in the app with the SPF hostname that is used, or simply use the global SPF hostname. For example, if a domain is set to use the US region but the domain’s SPF record has the Canadian SPF hostname, this could result in SPF failures and subsequent issues with delivery. Note that you should never include a Mail Assure IP address in the SPF record, only the hostname, as delivery IPs are regularly changed as part of overall IP and delivery management.

The regional SPF hostnames are:

  • EU: spf-eu.mtaroutes.com
  • US: spf-us.mtaroutes.com
  • UK: spf-uk.mtaroutes.com
  • Australia: spf-au.mtaroutes.com
  • Canada: spf-ca.mtaroutes.com
  • South Africa: spf-za.mtaroutes.com

Note that work to entirely restrict message delivery within all available regions is not yet complete, so delivery for domains using a specific region may occur from servers outside of that region, and the SPF hostname will reflect that.

Separate Potential Unwanted Attachments (PUA) for Incoming and Outgoing Filtering

Over the next four weeks we will be enabling a set of changes for better PUA control.

A new option has been added in the Outgoing user settings page to block or unblock the potential unwanted attachments for the outgoing filter flow.

The previous option “Block potentially unwanted attachments” from Incoming / Attachment Restrictions page will be applicable only for the incoming filter flow.

Changelog

Since the last major release, we’ve also fixed the following issues: 

  • MMA-7764. Fixed Private Portal issue when forwarding emails with attachments.
  • MMA-7810. Fixed Private Portal issue to allow users to compose in Private Portal based on domain verification.
  • MMA-7749. Fixed Microsoft 365 Synchronization timeout issue.
  • MMA-7660. Assure proper access to the new Manage Technicians page to manage the partner. technicians, while anything lower down is handled in the classic app version of the page.
  • MMA-7853. Fixed an issue with DMARC reports not being generated.
  • MMA-7819. Fixed an issue with outgoing filter messages not being archived when the “Archive specific mailboxes only” option is enabled, and the sender is CamelCased.
  • MMA-7780. Improved archive expiry performance to avoid issues with app performance around 1 a.m. UTC each day.
  • MMA-7666. Improved performance when there are temporary issues connecting to archive storages.
  • MMA-7878. Fixed an issue with Edit dialog from Edit Mailbox not closing after saving the changes.
  • MMA-7650. Fixed “Block Macros” option to reset to default value in Attachment Restrictions page.
  • MMA-7762. Fixed a rare condition that could cause errors managing technicians.
  • MMA-7769. Fixed an issue with missing Locked Identity reports.
  • MMA-7700. Fixed an issue where some technician access to the app was possible when a contract was suspended.

We’ve also made the following improvements: 

  • MMA-7015. CSV output orders the fields in the same order as in the request.
This entry was posted in N-sight and tagged . Bookmark the permalink.