Commvault, a well-known provider of data backup management solutions, is facing a significant issue with the delivery of its backup alert emails. The root cause? The company is sending these emails using its customers' email headers via its own SMTP servers—servers that can't technically use the SPF record of the domain of their customers because the domain in the "envelop" is commvault.com and can't be customized. This practice directly contravenes DMARC (Domain-based Message Authentication, Reporting, and Conformance) policies, leading to authenticity check failures and email delivery disruptions :
The Consequences of DMARC Failures
When DMARC checks fail, email systems treat the messages as suspicious, leading to several potential outcomes:
- Quarantine: The emails are redirected to quarantine, requiring manual review by the recipient.
- Spam Folder: Many emails land in the spam or junk folder, where they are often overlooked.
- Rejection: Worst of all, some email systems may outright reject the messages, preventing their delivery entirely.
For Commvault's customers, this can be a serious problem. Backup alerts are a critical part of system management, ensuring administrators are informed of potential issues or the status of backup jobs. If these alerts are delayed or lost, it could hinder the timely resolution of problems, increasing operational risks.
Proposed Workaround: Whitelisting Commvault’s IP Addresses
Until Commvault addresses the underlying issue, customers may need to take proactive steps to ensure they receive these backup alert emails. One such step involves whitelisting the IP addresses of Commvault's SMTP servers in their email systems. This process bypasses standard authentication protocols, effectively telling the system to trust emails originating from these IPs regardless of DMARC results.