You can change the settings for sending and receiving emails on IPs allowed for receipt, IPs not allowed for receipt, inbound gateway, routing, and mail authentication (DKIM).
Each of the subdomains that the administrator added can have separate sending/receiving settings applied.
Manage IPs allowed in the inbox
You can add or delete IPs allowed for receiving emails.
All emails from the permitted IP address are received and are not filtered by the spam filter created according to the spam policy.
When sending many emails from outside to the company for security training purposes, add the sending server IP to the allowed list and then send the emails to avoid spam filtering.
Check IPs allowed in the inbox
In Mobile, you can only check the IP address registered in the list of IPs allowed in the inbox.
- Select 'Service' from the left to expand the menu and press 'Mail' to access the page. On mobile, tap the button to access the menus.
- Press 'Send/Receive' on the top.
- Press 'Manage' on the right to the 'IPs allowed for receipt' texts to access the management page.
- Check the list of IPs allowed in the inbox.
Add IPs allowed for receipt
Add up to 10,000 IPs allowed for receiving emails.
All emails sent from the added IP will not be filtered by the spam filter and will be sent to the 'Inbox'.
PC Web
- Press 'Add IP' on the IPs allowed for the receipt page.
- Fill out the required fields.
- Add IP (required): Add IP or IP range to allow receiving emails from.
When entering multiple IPs at once, separate them with commas (,), line breaks, or spaces. - Note: Enter a description of the IP.
- Add IP (required): Add IP or IP range to allow receiving emails from.
- Click 'Save'.
Please note that security may become vulnerable if you add an email server used by an unspecified number of users, such as Gmail or AWS, to the IP address allowed.
Delete IPs allowed for receipt
Delete the registered IPs allowed for receipt.
PC Web
- Select the IP you want to delete from the IPs allowed for receipt.
- Click 'Delete' at the top.
- Click 'OK' to delete the selected IP.
Manage IPs not allowed in the inbox
You can add or delete IPs not allowed for receiving emails.
All emails from the IPs not allowed for receipt are blocked from receiving.
Check IPs not allowed in the inbox
- Select 'Service' from the left to expand the menu and press 'Mail' to access the page. On mobile, tap the button to access the menus.
- Press 'Send/Receive' on the top.
- Press 'Manage' on the right to the 'IPs not allowed for receipt' to access the management page.
- Check the list of IPs not allowed in the inbox.
Add IPs not allowed for receipt
Add up to 10,000 IPs not allowed for receiving emails from.
All emails sent from the added IP will be blocked from receiving.
However, if the same IP is in both the list for IPs allowed for receipt and not allowed for receipt, emails can be received.
PC Web
- Press 'Add IP' on the IPs not allowed for the receipt page.
- Fill out the required fields.
- Add IP (required): Add IP or IP range to block receiving emails from.
When entering multiple IPs at once, separate them with commas (,), line breaks, or spaces. - Note: Enter a description of the IP.
- Add IP (required): Add IP or IP range to block receiving emails from.
- Click 'Save'.
Delete IPs not allowed for receipt
Delete the registered IPs not allowed for receipt.
You can check and delete IPs that have been blocked for a short time by using the 'Recent block history' sorting criteria at the top of the blocked IP list.
PC Web
- Select the IP you want to delete from the IPs not allowed for receipt.
- Click 'Delete' at the top.
- Click 'OK' to delete the selected IP.
Inbound Gateway
Inbound Gateway is a function that helps you to build a separate server that filters spam and rejects emails with viruses.
NAVER WORKS provides an Inbound Gateway function to add security solutions before the users receive emails.
To use an Inbound Gateway, you need to set up the MX record as the inbound gateway instead of NAVER WORKS.
NAVER WORKS does not sell or provide solutions that can use Inbound Gateway.
However, if the default domain is the by-works.com domain provided by NAVER WORKS, you cannot use the Inbound Gateway function.
PC Web
- Select 'Service' from the left to expand the menu and press 'Mail' to access the page.
- Press 'Send/Receive' on the top.
- Press the 'Manage' button from the 'Inbound Gateway' field.
- To use the Inbound Gateway, change the use status of 'Inbound Gateway' to 'Use'.
- Enter the Inbound Gateway IP or bandwidth you are using.
You must enter all IPs and bandwidths used in the process of delivering from the Inbound Gateway to NAVER WORKS.
You can enter up to 50 IPs and divide them by commas (,).
You can enter up to x.x.x0/20 bandwidths (e.g. 10.0.0.1, 10.1.1.0/24).- Also, the following options can be selected.
- Receive email only from the registered IP above
- Email sent internally go through the gateway
- Also, the following options can be selected.
- Set spam filtering options.
- Filter spam with regular expressions: If you set this item to 'Use', emails matching the regular expression you wrote will be sent to the spam mailbox.
- Exclude NAVER WORKS spam filtering when going through the gateway: If this option is in use, only the spam filter of the Inbound Gateway, without the spam filter of NAVER WORKS, will be used.
However, the receiving policy set by the administrator will still work, and emails may be blocked as a result.
- At the top right, click 'Save'.
Inbound routing
You can send emails received in NAVER WORKS that match the set conditions to another server.
The Inbound routing function can be used for various purposes: conducting a pre-test before introducing the NAVER WORKS Mail service or archiving emails received in NAVER WORKS to other external solutions.
However, if the default domain is the by-works.com domain provided by NAVER WORKS, you cannot use the Inbound routing function.
Inbound routing conditions and execution options
PC Web
- Routing condition
- Internal email: Referring to emails exchanged between members of the same NAVER WORKS domain.
- External email: Referring to emails with a sender not from the same NAVER WORKS domain or sent through an external server (routing).
- Routing execution
- Change route: After the route change, you can receive an email to the selected route (server).
- Route for inbound addresses not on NAVER WORKS: If this option is in use, emails sent to members (groups) addresses that do not belong in NAVER WORKS are also sent to the specified route.
- Also save mail on NAVER WORKS: If the option is in use, emails are sent to the specified route and stored in the NAVER WORKS inbox.
(However, if the recipient's address is not in NAVER WORKS, emails are sent to the designated route without saving.)
Outbound routing
Outbound routing can send emails from NAVER WORKS to a server other than the original destination, and send additional emails to a previously used server for NAVER WORKS pre-test.
Also, the Outbound Gateway function is integrated into Outbound routing for data loss prevention (DLP).
However, if the default domain is the by-works.com domain provided by NAVER WORKS, you cannot use the Outbound routing function.
Outbound routing conditions and execution options
PC Web
- Routing condition
- Internal email:Referring to emails exchanged between members of the same NAVER WORKS domain.
- External email: Referring to all emails other than internally sent emails.
- Routing execution
- Change route: After the route change, you can send an email to the selected route (server).
- Send additionally: If selected, sends additional email to the selected route by adding the sender's address to the recipient.
Manage routes
On the Manage routes page, you can easily add or edit server (route) information used in inbound routing and outbound routing.
You can enter the server you want by pressing the 'Add route' button.
(The button for adding root is also provided for Outbound routing and Inbound routing.)
You cannot delete the route currently in use but can edit the information.
However, if the default domain is the by-works.com domain provided by NAVER WORKS, you cannot use the Manage routes function.
Mail Authentication (DKIM: DomainKeys Identified Mail)
You can prove to the recipient that the email has not been tampered with by adding a digital signature to the email header.
The outbound server signs the email with a private key, and the inbound server uses the sender's public key to check the original mail and further regard authenticate as complete.
DKIM is currently provided by most global mail services, and an email sent using DKIM is considered highly reliable at the receiving end. Thus reduces the chance of an email block.
When sending an email in NAVER WORKS, the DKIM signature is automatically on the worksmobile.com domain emails without having the DKIM signature on your domain.
If you want to sign DKIM directly with your domain, or need DKIM signing to apply DMARC (Domain-based Message Authentication, Reporting and Conformance) policy, follow the steps below.
However, if the default domain is the by-works.com domain provided by NAVER WORKS, you cannot use the Mail Authentication(DKIM) function.
Mail Authentication (DKIM) settings
PC Web
- Select 'Service' from the left to expand the menu and press 'Mail' to access the page.
- Press 'Send/Receive' on the top.
- Press the 'Manage' button on the right of the 'Mail Authentication(DKIM)' field to access the edit page.
- Enter the Selector to use and then press 'Create' on the Mail Authentication (DKIM) page.
- Selector: Only English, numbers, and hyphens (-) are allowed. The hyphen (-) cannot be used at the beginning or end. Selector values are generated as lineworks unless entered otherwise.
- Length of Public Domain Key: You can choose the bit length of the public domain key. Some domain providers do not support 2048 bits. In this case, you must create a key with 1024 bits to successfully update the DNS (Domain Name Server) record information.
- When the Selector is created, 'Host name' and 'Public Domain Key (TXT Record)' values are updated respectively.
- After copying the updated hostname and TXT record, access the setting page of your domain provider. Then register and save the copied value.
- Press the 'Begin authentication' button at the top right of the mail authentication (DKIM) setting page.
- Authentication success and failure
- Success result message appears when the domain name server (DNS) record information is updated without an issue. The DKIM signature is applied with the set value when sending the mail.
- If the record information has not yet been completely updated, authentication may fail. Depending on the domain provider, it may take up to 72 hours to reflect the updated information. In this case, you need to try authentication again after a while.
- Authentication success and failure
Transport Layer Security(TLS)
You can encrypt the communication process when sending and receiving emails with a specific domain.
Domains to which Transport Layer Security(TLS) are applied can send and receive email only when the incoming or outgoing server performs TLS communication.
Add Transport Layer Security(TLS) policy
Add a Transport Layer Security(TLS) policy. You can add up to 30 per domain.
If multiple policies are registered for the same domain, the strictest policy becomes the standard.
PC Web
-
- Select 'Service' from the left menu of Admin to expand the menu and click 'Mail'.
- Click the 'Send/Receive' tab.
- Click 'Manage' to the right of ‘Transport layer security (TLS)'.
- Click 'Add' at the top of the list of Transport Layer Security (TLS) policies.
- Enter the required fields.
- Policy title (required): Enter a title for the Transport Layer Security (TLS) policy.
- Applied target (required): Select the target to apply the Transport Layer Security (TLS) policy among 'Incoming mail' and 'Outgoing mail'.
- Trusted Certificate Authorities (CAs): This can be selected when the application target is 'Outgoing mail', and mail is sent only when the server certificate used by the receiving side is issued by a trusted Certificate Authority (CA).
- Hostname match: This can be selected when the application target is 'Outgoing mail', and mail is sent only when the host name of the receiving side and the mail server certificate match.
- domain: Enter the domain to apply Transport Layer Security (TLS) policy You can add up to 100.
- Click 'Save' on the bottom right.
Edit Transport Layer Security (TLS) Policy
Edit the Transport Layer Security (TLS) policy.
PC Web
-
- Select 'Service' from the left menu of Admin to expand the menu and click 'Mail'.
- Click the 'Send/Receive' tab.
- Click 'Manage' to the right of ‘Transport layer security (TLS)'.
- Click the policy you want to edit. Then make changes.
- Click 'Save' on the bottom right.
Delete Transport Layer Security (TLS) Policy
Deletes the registered Transport Layer Security (TLS) policy.
PC Web
- Select 'Service' from the left menu of Admin to expand the menu and click 'Mail'.
- Click the 'Send/Receive' tab.
- Click 'Manage' to the right of 'Transport layer security (TLS)'.
- Select the policy you want to delete from the Transport Layer Security (TLS) policies list.
- Click 'Delete' at the top.
- Click ‘OK’.