Help Center Administrator GuideServiceMail

Email sending and receiving settings

This feature is available after applying for the Standard or Standard Plus plan of NAVER WORKS Core.

You can configure settings related to email sending and receiving, such as managing allowed and blocked IPs, inbound gateways, routing, and mail authentication (DKIM).

If the administrator has added secondary domains, you can configure sending and receiving settings separately for each domain.

Manage IPs allowed for incoming email

You can add or remove IPs allowed for receiving emails.

All emails from permitted IP addresses are received without being filtered by the spam policy's spam filter.
When sending bulk emails from outside to the company for security training purposes, please add the sending server's IP to the allowed list to prevent them from being filtered as spam.

How to check allowed IPs

  1. In the left menu of Admin, select 'Service' to expand the menu, then click 'Mail' to go to 'Mail'. On mobile, tap to open the menu.
  2. Press 'Send/Receive'.
  3. Press 'Manage' right to 'IPs allowed for receipt' to go to the management page.
  4. Check the list of registered allowed IPs.

How to add allowed IPs

Add up to 10,000 IPs allowed for receiving emails.

All emails sent from the added IP will not be filtered and will be received in 'Inbox '.

PC Web

  1. Click 'Add IP' on the allowed IP management screen.
  2. Enter the required information.
    • Add IP (required): Add IP or IP range to allow receiving emails from.
      When entering multiple IPs at once, separate them with commas (,), line breaks, or spaces.
    • Note: Enter a description of the IP.
  3. Click 'Save'.

Be cautious when adding email servers used by a wide range of users, such as Gmail or AWS, to the allowed IP list, as this may compromise security.

How to remove allowed IPs

Remove the registered allowed IPs.

PC Web

  1. Select the IP to remove from the allowed IP list.
  2. Click 'Delete' at the top.
  3. Click 'OK' to remove the selected IP.

Manage blocked IPs for email reception

You can add or remove blocked IPs.

Any emails sent from the blocked IP will not be received and will be blocked.

How to check blocked IPs

  1. In the left menu of Admin, select 'Service' to expand the menu, then click 'Mail' to go to 'Mail'. On mobile, tap to open the menu.
  2. Press 'Send/Receive'.
  3. Press 'Manage' right to 'IPs not allowed for receipt' to go to the management page.
  4. Check the list of registered blocked IPs.

How to add blocked IPs

Add up to 10,000 IPs to block reception.

All emails sent from the added IP will be blocked.
However, if the same IP exists in both the allow and block groups, the email will be received based on the allow criteria.

PC Web

  1. Click 'Add IP' on the blocked IP management screen.
  2. Enter the required information.
    • Add IP (required): Add IP or IP range to block receiving emails from.
      When entering multiple IPs at once, separate them with commas (,), line breaks, or spaces.
    • Note: Enter a description of the IP.
  3. Click 'Save'.

How to remove blocked IPs

Remove the registered blocked IPs.

You can check and remove IPs that have been blocked for a short time by using the 'Recent block history' sorting criteria at the top of the blocked IP list.

PC Web

  1. Select the IP you want to remove from the blocked IP list.
  2. Click 'Delete' at the top.
  3. Click 'OK' to remove the selected IP.

Inbound Gateway

Inbound gateway is a function that helps you to build a separate server that filters spam and rejects emails with viruses.

NAVER WORKS offers an inbound gateway feature that allows users to add security solutions before emails are received.

To use the inbound gateway, you need to configure the MX record to point to the inbound gateway instead of NAVER WORKS.

NAVER WORKS does not sell or provide solutions for using the inbound gateway.

However, if the primary domain is the by-works.com domain provided by NAVER WORKS, you cannot use the inbound gateway function.

PC Web

  1. In the left menu of Admin, select 'Service' to expand the menu, then click 'Mail' to go to 'Mail'.
  2. Press 'Send/Receive'.
  3. Click 'Manage' in the 'Inbound Gateway' section.
  4. To use the inbound gateway, change the use status of 'Inbound Gateway' to 'Use'.
  5. Add the IPs or ranges for the active inbound gateways.
    You must enter all IPs and ranges used in the process of delivering from the inbound gateway to NAVER WORKS.
    You can enter up to 50 IPs and divide them by commas (,).
    You can enter ranges up to x.x.x.0/20 (e.g., 10.0.0.1, 10.1.1.0/24).

    • Also, the following options can be selected.
      • Receive email only from the registered IP above
      • Email sent internally go through the gateway
  6. Set spam filtering options.
    • Filter spam with regular expressions: If you set this item to 'Use', emails that match the regular expression will be received in Spam.
    • Exclude NAVER WORKS spam filtering when going through the gateway: If this option is in use, only the spam filter of the inbound gateway, without the spam filter of NAVER WORKS, will be used.
      However, the receiving policy set by the administrator will still work, and emails may be blocked as a result.
  7. At the top right, click 'Save'.

Inbound routing

You can send emails received in NAVER WORKS that match the set conditions to another server.

The Inbound routing function can be used for various purposes: conducting a pre-test before introducing the NAVER WORKS Mail service or archiving emails received in NAVER WORKS to other external solutions.​​

However, if the primary domain is the by-works.com domain provided by NAVER WORKS, you cannot use the Inbound routing function.

Inbound routing conditions and execution options

PC Web

  • Routing condition
    • Internal email: Referring to emails exchanged between members of the same NAVER WORKS domain.
    • External email: Referring to emails with a sender not from the same NAVER WORKS domain or sent through an external server (routing).
  • Routing execution
    • Change route: After the route change, you can receive an email to the selected route (server).
    • Route for inbound addresses not on NAVER WORKS: If this option is in use, emails sent to members (groups) addresses that do not belong in NAVER WORKS are also sent to the specified route.
    • Also save emails to NAVER WORKS: If the option is in use, emails are sent to the specified route and stored in the NAVER WORKS inbox.
      (However, if the recipient's address is not in NAVER WORKS, emails are sent to the designated route without saving.)

Outbound routing

Outbound routing can send emails from NAVER WORKS to a server other than the original destination, and send additional emails to a previously used server for NAVER WORKS pre-test.

Additionally, the outbound gateway feature has been integrated into outbound routing, making it usable for DLP (Data Loss Prevention) purposes.

However, if the primary domain is the by-works.com domain provided by NAVER WORKS, you cannot use the outbound routing feature.

Outbound routing conditions and execution options

PC Web

  • Routing condition
    • Internal email: Referring to emails exchanged between members of the same NAVER WORKS domain.
    • External email: Referring to all emails other than internally sent emails.
  • Routing execution
    • Change route: After the route change, you can send an email to the selected route (server).
    • Send additionally: If selected, sends additional email to the selected route by adding the sender's address to the recipient.

Manage routes

On the manage routes page, you can easily add or edit server (route) information used in inbound routing and outbound routing.
​
You can enter the server you want by pressing the 'Add route' button.
(The button for adding root is also provided for outbound routing and Inbound routing.)
​
You cannot delete the route currently in use but can edit the information.

However, if the  primary domain is the by-works.com domain provided by NAVER WORKS, you cannot use the manage routes function.

Email Authentication (DKIM)

You can prove to the recipient that the email has not been tampered with by adding a digital signature to the email header.

The outbound server signs the email with a private key, and the inbound server uses the sender's public key to check the original mail and further regard authenticate as complete.

DKIM is currently provided by most global mail services, and an email sent using DKIM is considered highly reliable at the receiving end. Thus reduces the chance of an email block.

When sending an email in NAVER WORKS, the DKIM signature is automatically on the worksmobile.com domain emails without having the DKIM signature on your domain.

​If you want to sign DKIM directly with your domain, or need DKIM signing to apply DMARC (Domain-based Message Authentication, Reporting and Conformance) policy, follow the steps below.

However, if the primary domain is the by-works.com domain provided by NAVER WORKS, you cannot use the Mail Authentication (DKIM) function.

Mail Authentication(DKIM) settings

PC Web

  1. In the left menu of Admin, select 'Service' to expand the menu, then click 'Mail' to go to 'Mail'.
  2. Press 'Send/Receive'.
  3. Press the 'Manage' button right to 'Mail Authentication(DKIM)' to go to the edit page.
  4. Enter the Selector to use and then press 'Create' on the Mail Authentication (DKIM) page.
    • Selector: Only English, numbers, and hyphens (-) are allowed. The hyphen (-) cannot be used at the beginning or end. Selector values are generated as naverworks unless entered otherwise.
    • Public domain key bit length: You can choose the bit length of the public domain key. Some domain providers do not support 2048 bits. In this case, you must create a key with 1024 bits to successfully update the DNS (Domain Name Server) record information.
  5. When the Selector is created, 'Host name' and 'Public Domain Key (TXT Record)' values are updated respectively.
  6. After copying the updated hostname and TXT record, access the setting page of your domain provider. Then register and save the copied value.
  7. Press 'Begin authentication' at the top right of the mail authentication (DKIM) setting page.
    • Authentication success and failure
      • Success result message appears when the domain name server (DNS) record information is updated without an issue. The DKIM signature is applied with the set value when sending the mail.
      • If the record information has not yet been completely updated, authentication may fail. Depending on the domain provider, it may take up to 72 hours to reflect the updated information. In this case, you need to try authentication again after a while.

Transport Layer Security(TLS)

You can encrypt the communication process when exchanging emails with a specific domain.

Domains to which Transport Layer Security (TLS) are applied can send and receive email only when the incoming or outgoing server performs TLS communication.

Add Transport Layer Security (TLS) policy

Add a Transport Layer Security (TLS) policy. You can add up to 30 per domain.

If multiple policies are registered for the same domain, the strictest policy takes precedence.

PC Web

    1. In the left menu of Admin, select 'Service' to expand the menu, then click 'Mail'.
    2. Click the 'Send/Receive' tab.
    3. Click 'Manage' right to 'Transport layer security (TLS)'.
    4. Click 'Add' at the top of the list of Transport Layer Security (TLS) policies.
    5. Enter the required information.
      • Policy title (required): Enter a title for the Transport Layer Security (TLS) policy.
      • Applied target (required): Select the target to apply the Transport Layer Security (TLS) policy among 'Incoming mail' and 'Outgoing mail'.
        • Trusted Certificate Authority (CA): This can be selected when the application target is 'Outgoing mail', and mail is sent only when the server certificate used by the receiving side is issued by a trusted Certificate Authority (CA).
        • Hostname match: This can be selected when the application target is 'Outgoing mail', and mail is sent only when the host name of the receiving side and the mail server certificate match.
      • domain: Enter the domain to apply Transport Layer Security (TLS) policy. You can add up to 100.
    6. Click 'Save' at the bottom right.

Edit Transport Layer Security (TLS) Policy

Edit the Transport Layer Security (TLS) policy.

PC Web

    1. In the left menu of Admin, select 'Service' to expand the menu, then click 'Mail'.
    2. Click the 'Send/Receive' tab.
    3. Click 'Manage' right to 'Transport layer security (TLS)'.
    4. Click the policy you want to edit. Then make changes.
    5. Click 'Save' at the bottom right.

Delete Transmit and Receive Encryption (TLS) Policy

Deletes a registered Transmit and Receive Encryption (TLS) policy.

PC Web

  1. In the left menu of Admin, select 'Service' to expand the menu, then click 'Mail'.
  2. Click the 'Send/Receive' tab.
  3. Click 'Manage' right to 'Transport layer security (TLS)'.
  4. Select the policy you want to delete from the list of Transmit/Receive Encryption (TLS) policies.
  5. Click 'Delete' at the top.
  6. Click 'OK'.
Was this article helpful?
  • Yes
  • No
Sorry about that! Please tell us why.
  • The information provided in the guide is wrong.
  • The information is difficult to understand.
  • There is insufficient information on specific devices. (e.g. There is no explanation on Mobile.)
  • Other

How can we make it better?

Thank you for your feedback!