Knowledgebase

Sort by:
Syntax Recommendations Common Look Up mechanisms a: mx: include: ip4: ip6: exists: ptr: all Common Modifiers redirect= exp= An A Record must ALWAYS contain IP address (map host to IP) CNAME (Alias) must contain hostnames. No IPs here NS an MX records must contain host names. No IPs allowed. MX records (for mail servers)  should contain hostnames NOT IPs. Too Many Mechanisms Section 10.1, "Processing Limits" of the SPF RFC 4408 specifies the following in regards to DNS lookups: SPF implementations MUST limit the number of mechanisms and modifiers that do DNS lookups to at most 10 per SPF check, including any lookups caused by the use of the "include" mechanism or the "redirect" modifier.  If this number is exceeded during a check, a PermError MUST be returned.  The "include", "a", "mx", "ptr", and "exists" mechanisms as well as the "redirect" modifier do count against this limit.  The "all", "ip4", and "ip6" mechanisms do not require DNS lookups and therefore do not count against this limit. The "exp" modifier does not count against this limit because the DNS lookup to fetch the explanation string occurs after the SPF record has been evaluated. This limit is in place to prevent SPF lookups from being a useful avenue for Denial of Service attacks. Using an example SPF record as an example to illustrate, this record was breaking with 12 look-ups: example.com text = "v=spf1 include:_spf-a.example.com include:_spf-b. example .com include:_spf-c. example .com include:_spf-ssg-a. example .com include:spf-a.another example .com ip4:131.107.115.215 ip4:131.107.115.214 ip4:205.248.106.64 ip4:205.248.106.30 ip4:205.248.106.32 ~all" [ 5 mechanisms] _spf-a.example.com   text = "v=spf1 ip4:216.99.5.67 ip4:216.99.5.68 ip4:202.177.148.100 ip4:203.122.32.250 ip4:202.177.148.110 ip4:213.199.128.139 ip4:213.199.128.145 ip4:207.46.50.72 ip4:207.46.50.82 a:mh. example .m0.net ~all"  [ +1 = 6 mechanisms] mh.example.m0.net a = 209.11.164.116 _spf-b.example.com text = "v=spf1 include:spf.messaging.example.com ip4:207.46.22.35 ip4:207.46.22.98 ip4:207.46.22.101 ip4:131.107.1.27 ip4:131.107.1.17 ip4:131.107.65.22 ip4:131.107.65.131 ip4:131.107.1.101 ip4:131.107.1.102 ip4:217.77.141.52 ip4:217.77.141.59 ~all" [+1 = 7 mechanisms] spf.messaging.example.com text = "v=spf1 include:spfa.another example .com include:spfb.anotherexaple.com include:spfc.anotherexample.com -all"  [+3 = 10 mechanisms] spfa.anotherexample.com   text = "v=spf1 ip4:157.55.116.128/26 ip4:157.55.133.0/24 ip4:157.55.158.0/23 ip4:157.55.234.0/24 ip4:157.56.112.0/24 ip4:157.56.116.0/25 ip4:157.56.120.0/25 ip4:207.46.100.0/24 ip4:207.46.108.0/25 ip4:207.46.163.0/24 ip4:134.170.140.0/24 ip4:157.56.110.0/23 -all" [+0 = 10 mechanisms] spfb.anotherexample.com   text = "v=spf1 ip4:207.46.51.64/26 ip4:213.199.154.0/24 ip4:213.199.180.128/26 ip4:216.32.180.0/23 ip4:64.4.22.64/26 ip4:65.55.83.128/27 ip4:65.55.169.0/24 ip4:65.55.88.0/24 ip4:94.245.120.64/26 ip4:131.107.0.0/16 ip4:157.56.73.0/24 ip4:134.170.132.0/24 -all" [+0 = 10 mechanisms] spfc.anotherexample.com   text = "v=spf1 ip4:207.46.101.128/26 ip6:2a01:111:f400:7c00::/54 ip6:2a01:111:f400:fc00::/54 ip4:157.56.87.192/26 ip4:157.55.40.32/27 ip4:157.56.123.0/27 ip4:157.56.91.0/27 ip4:157.55.206.0/24 ip4:157.55.207.0/24 ip4:157.56.206.0/23 ip4:157.56.208.0/22 -all" [ +0 = 10 mechanisms] _spf-c.example.com   text = "v=spf1 ip4:203.32.4.25 ip4:213.199.138.181 ip4:213.199.138.191 ip4:207.46.52.71 ip4:207.46.52.79 ip4:131.107.1.18 ip4:131.107.1.19 ip4:131.107.1.20 ip4:131.107.1.48 ip4:131.107.1.56 ip4:86.61.88.25 ip4:131.107.1.44 ip4:131.107.1.37 ~all" [+0 = 10 mechanisms] _spf-ssg-a.example.com   text = "v=spf1 include:_spf-ssg-b.example.com include:_spf-ssg-c. example .com ~all"  [+2 = 12 mechanisms] _spf-ssg-b.example.com   text = "v=spf1 ip4:207.68.169.173/30 ip4:207.68.176.1/26 ip4:207.46.132.129/27 ip4:207.68.176.97/27 ip4:65.55.238.129/26 ip4:207.46.222.193/26 ip4:207.46.116.135/29 ip4:65.55.178.129/27 ip4:213.199.161.129/27 ip4:65.55.33.70/28 ~all"  [+0 = 12 mechanisms] _spf-ssg-c.example.com text = "v=spf1 ip4:65.54.121.123/29 ip4:65.55.81.53/28 ip4:65.55.234.192/26 ip4:207.46.200.0/27 ip4:65.55.52.224/27 ip4:94.245.112.10/31 ip4:94.245.112.0/27 ip4:111.221.26.0/27 ip4:207.46.50.221/26 ip4:207.46.50.224 ~all" [+0 = 12 mechanisms] spf-a.secondexample.com   text = "v=spf1 ip4:157.55.0.192/26 ip4:157.55.1.128/26 ip4:157.55.2.0/25 ip4:65.54.190.0/24 ip4:65.54.51.64/26 ip4:65.54.61.64/26 ip4:65.55.111.0/24 ip4:65.55.116.0/25 ip4:65.55.34.0/24 ip4:65.55.90.0/24 ip4:65.54.241.0/24 ip4:207.46.117.0/24 ~all" [+0 = 12 mechanisms] Character String Too Long 255 character limitation in a single string https://kb.isc.org/article/AA-00356/0/Can-I-have-a-TXT-or-SPF-record-longer-than-255-characters.html http://www.string-functions.com/length.aspx You may have more than 255 characters of data in a TXT or SPF record, but not more than 255 characters in a single string. If you attempt to create an SPF or TXT record with a long string (>255 characters) in it, BIND will give an error (e.g. "invalid rdata format: ran out of space".)  Strings in SPF and TXT records should be no longer than 255 characters.  However to get around this limitation, per RFC 4408 a TXT or SPF record is allowed to contain multiple strings, which should be concatenated together by the reading application.  In the case of use for SPF (using either TXT or SPF RRs) the strings are concatenated together without spaces as described below.  Reassembly by other applications of multiple strings stored in TXT records might work differently. 3.1.3. Multiple Strings in a Single DNS record As defined in [RFC1035] sections 3.3.14 and 3.3, a single text DNS record (either TXT or SPF RR types) can be composed of more than one string. If a published record contains multiple strings, then the record MUST be treated as if those strings are concatenated together without adding spaces. For example: IN TXT "v=spf1 .... first" "second string..." MUST be treated as equivalent to IN TXT "v=spf1 .... firstsecond string..." SPF or TXT records containing multiple strings are useful in constructing records that would exceed the 255-byte maximum length of a string within a single TXT or SPF RR record. EXAMPLE text = "v=spf1 ip4:199.15.212.0/22 ip4:72.3.185.0/24 ip4:72.32.154.0/24 ip4:72.32.217.0/24 ip4:72.32.243.0/24 ip4:94.236.119.0/26  ip4:37.188.97.188/32 ip4:185.28.196.0/22 ~all“ text = "v=spf1 ip4:199.15.212.0/22“ " ip4:72.3.185.0/24 ip4:72.32.154.0/24 ip4:72.32.217.0/24" " ip4:72.32.243.0/24 ip4:94.236.119.0/26" " ip4:37.188.97.188/32 ip4:185.28.196.0/22 ~all" Null Records in the SPF Record A record that is NULL or that does not exist will break an SPF record.  Syntax within the record is very important, if there are extra spaces between mechanisms it will count as NULL. EXAMPLE text = "v=spf1 ip4:199.15.212.0/22 “ <- accurate text = "v=spf1 ip4: 199.15.212.0/22 “ <- NULL (NOTE the space between IP4: and the IP) Repetitive Records in the SPF Record - Void Lookups If there are too many repetitive mechanisms in the SPF record, including records that cascade (for example when using "include:") the record will break. There is a MAX of 2 void look ups in an SPF record.  More than that and the record will break.  This prevents SPF records from being used in Denial of Service style attacks. Validation Tools SPF checker, syntax validator and SPF tester http://www.kitterman.com/spf/validate.html SPF checker http://vamsoft.com/support/tools/spf-policy-tester SPF validator http://vamsoft.com/support/tools/spf-syntax-validator CIDR Calculator http://www.subnet-calculator.com/cidr.php Nslookup http://network-tools.com/nslook/ SPF creation wizard http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/ Common SPF errors http://www.openspf.org/FAQ/Common_mistakes SPF syntax definitions http://www.openspf.org/SPF_Record_Syntax
View full article
When using Marketo it is not a requirement to set up DNS text records for SPF and DKIM.  However, Marketo recommends setting up SPF and DKIM because it improves the deliverability of your mailings.  Configuring and implementing one or both of these records is a way to verify that the server sending your mail is authorized to do so. If a recipient domain is configured to check for SPF and/or DKIM and those DNS records are available and your mail passes the SPF/DKIM check, it further reinforces its good reputation.  Not implementing SPF/DKIM records does not add to or subtract from its reputation, it’s just not there. Please note, not all domains check for SPF/DKIM and if this is the case, again, the presence of these records does not add or subtract from your mail’s deliverability. There is no negative effect to setting up these records, and it can improve your deliverability.  It is for these reasons that Marketo recommends setting up these DNS records and configuring their use in your instance of Marketo. For more information on how to set up and configure SPF/DKIM, please read our KB article here.
View full article
For a list of blacklists worth paying close attention to visit our article Top blacklists - What you need to know.
View full article
An email being filtered to a quarantine or bulk mail folder happens after the recipient mail server has accepted message.  Once an email has been accepted by a mail server, it is impossible to tell where it went or what happened to it.  Note that this is true of any mail sent by any system on the Internet. Every mail server has configurable filters that determine how received mail will be handled.  The mail server administrator should be able to adjust those filters to ensure delivery of emails based on their business standards, or there may even be end-user-configurable controls that can accomplish the same thing. If test mailings you are sending to yourself or your colleagues are being filtered to a quarantine or bulk mail folder, you should consider asking your email administrator to whitelist Marketo’s IP ranges.  They can be found here . You can also improve your deliverability in general by setting up SPF and DKIM records , setting up a custom DKIM signature and branding your tracking links .
View full article
As part of your efforts to maintain a healthy inbox delivery rate, you should be monitoring your email bounce rates. If your hard bounce rate climbs above 5%, you should take a closer look at what’s going on. If your hard bounce rate hits 10% or more, you should be concerned about your data quality. If you have a high hard bounce rate, it is likely that you have a high number of invalid addresses. An invalid address is an address that has never existed or no longer exists, so mail will never be delivered to these addresses.  Marketo automatically stops sending to these addresses, so you do not need to worry about suspending or removing them. But having a high invalid address rate could cause you major delivery problems and reputation issues, and could indicate problematic data sources or list segmentation practices that should be reevaluated. A high invalid address rate can lead to outright blocking of your mail at major ISPs. Many ISPs monitor the number of invalid addresses being sent to at their domains by specific senders. Once a certain threshold is hit, those ISPs will block mail coming from the offending sender. ISPs behave this way because they view a high rate of invalid addresses as an indication of problematic data practices of the sender. At best, a high invalid address rate means you are not sending to an engaged, active audience. At worst, it means that you are sending to purchased or rented lists, which is a violation of Marketo’s Email Use and Anti-Spam Policy. Chances are, if you have a high invalid address rate, there are other issues with your data that could also contribute to. If you receive a notification that we have noticed a high invalid address rate associated with your mailings, you should ask yourself some questions about your list management practices. Below are some things to consider: - Have you recently added any new leads or lead sources? Purchased lists are often full of invalid addresses. We often find that purchased lists contain numerous addresses from domains that don’t even exist any more. While you can use purchased lists to bulk up the data you have for existing leads, you cannot use them to bulk up your lead database. -Have you recently targeted old or inactive leads? We strongly recommend that you never send to an address that you haven ’ t mailed to for over a one year. You should be mailing to your contacts at least every six months. This will help prevent high invalid address rates, and will also help keep you and your content fresh in your contacts’ minds. If you do have to send to older leads, you should break up your lists and send to your most recent and active contacts first. - Who are you targeting?  Some senders have more problems with high invalid address rates because of their target audiences. For example, targeting .edu domains often causes high invalid address rates because these are school addresses that have a higher turnover rate. B2B campaigns may sometimes have higher invalid address rates because of similar turnover rates at businesses. The best way to avoid high invalid address rates is to send to opted-in, engaged recipients. To help with this, a lot of senders clear out their inactive leads every six months or so. An inactive lead is a contact that has taken no action in the given time period— they haven't opened an email, clicked a link, visited your webpage, attended a webinar, and so forth. This can help with both your high invalid address rates and spam complaints. Inactive leads are a dangerous group to continue mailing to because their behavior proves that they do not want to interact with your mail, and will therefore likely complain to us or to their ISPs about it. We have a great resource on how to create a Smart List to remove inactive leads here . If you still need some help, please feel free to reach out to our Support team ( support@marketo.com ). Additional resources: Dos and Don'ts of Effective Lead Generation Best Practices for Purchased Data
View full article
Before sending a Marketo email, you can preview it in order to ensure accuracy and the correct design. In Design Studio, find the email in the tree. Clicking on the email opens the Details page for that email. Click Preview Email to see the email as recipients will see it. You can also preview an email from the Email Actions dropdown menu.     The Previewer provides a highly accurate rendition of your email. You can even preview every possible combination of content that can be generated using Dynamic Content and lead data brought in by tokens.   For emails using Dynamic Content, you can send multiple versions of a test email at one time, up to 100 emails all sent to one specific email destination. If you are using the View Lead Details option, you can use a list you select. The list can be created expressly for this purpose. If the list is longer than 100 leads in length, only the first 100 leads will be used.   Marketo creates variations using the content you specify for the Segments that leads belong to; tokens are also resolved. This allows you to see exactly what your users will see when they receive the email, even when you use multiple Segmentations in a single email.   Note: If the email, and the campaign that sends it, are in the same Program, each My Token will resolve to the value appropriate to that Program. However, if the email and the campaign are in different Programs, the My Token resolves differently depending on how the email is sent. For sending test emails and single flow actions, the My Token resolves to the value appropriate to theemail’s Program; for emails sent by campaigns, the My Token resolves to the value appropriate to the campaign’s Program. Is this article helpful ? YesNo   Use the Previewer   To preview an email, find it, then follow these steps:   1.   In Marketo Lead Management, choose the Design Studio tab. Look at the tree on the left-hand side of your screen. 2.   In the tree, click the + next to Emails. A list of landing pages opens.   3.   In the tree, click the email you want to use. Details appear for the email. 4.   Click the button, Preview Email.  The Previewer opens. 5.   Inspect the page carefully.   6.   If you find problems, click Preview Actions, and choose Launch Editor. You can then fix problems in the Email Designer.   7.   If you used Dynamic Content, the version shown is the Default for all Segmentations used by the email. To view other versions, choose View by Segment from the pull-down; use the left and right arrows, and the Segment pull-down in the top right corner, to view each combination of Segments. The version of the email reflecting each combination of Segments displays.   8.   If you used Tokens or Dynamic Content, and you want to see how the email will render for a set of preselected leads, choose View by Lead Detail from the pull-down, then choose a list from the pull-down in the dialog box which appears; use the left and right arrows, and the pull-down, to step through the leads. The email updates with information for that lead.   9.   To send a test email, for any version of the email, bring that email onscreen in the Previewer; then, click Send Test. That version of the email will be sent as a test email. Tokens at the global level will be resolved; My Tokens – tokens that are a local asset to a Program – will not.   10.  When finished, close the Previewer.
View full article
When someone writes to abuse@marketo.com to tell Marketo that they received unsolicited email from one of our customers the result is called an abuse report.  Instead of just hitting the “Report Spam” button, someone actually took the time to write to our abuse@marketo.com address and explain to us that they never wanted email from the sender.  Because of this direct complaint we take these types of spam reports very seriously. Only about 10% of our customers ever receive any abuse reports at all so it is cause for investigation if you receive one. If you receive notification that someone filed an abuse report against your account review your list management practices. Below are some things to consider: When people sign up to receive emails from you, is it made clear to them that they are giving you permission to email them? Have you recently added any new leads or lead sources? Have you recently added older leads to your database that you have not reached out to in the past 6 months or more? Was there anything about the campaign that was complained about that makes it different from previous campaigns? In most cases people file these kinds of reports because: They never requested to be on your email list. They did request to be on your email list at some point but have forgotten because they have not heard from you in so long. The importance of using explicit opt-in in your list building efforts cannot be stressed enough. You should also send to active leads consistently enough that they continue to expect emails from you. The best ways to avoid complaint driven reputation issues is to send to opted-in, engaged recipients. To help with this, a lot of senders clear out their inactive leads every 6 months or so. An inactive lead is a contact that has taken no action in the given time period— they haven't opened an email, clicked a link, visited your webpage, attended a Webinar, and so forth. Inactive leads are a dangerous group to continue mailing to because their behavior proves that they do not want to interact with your mail and will likely complain to Marketo or to their ISPs about it. We have a great resource on how to create a Smart List to remove inactive leads here. If you still need some help, please feel free to reach out to our Support team ( support@marketo.com ). Additional resources: Abuse Report Deep Dive Blacklist Deep Dive
View full article
This originally appeared on the Brand Driven Digital blog, 9/19/2013. Written by Marketo's Digital Marketing Evangelist, DJ Waldow. Used with permission. Unemotionally Subscribed – People on your list who have not opened or clicked an email message from you in an extended (several months) period of time. They have not unsubscribed. They have not marked your message as spam. They either ignore it or take the time to actually delete it every time it lands in their inbox. Now, it depends on who you ask, but the percentage of your list that is considered “unemotionally subscribed” can be as high as 30%. Yup. Nearly one out of every three folks on your email list are not interacting with your emails … not at all. As I mentioned in this What Counts guest post, once you figure out who fits this “inactive” criteria, you have a few options: Immediately unsubscribe or delete them. I call this the “DO NOT PASS GO, DO NOT COLLECT $200″ approach. Move to a new list and mail to less frequently. I call this the “I think I need to see you a bit less often” approach. Send a last ditch “We missed you” type email. If they don’t respond, then do #1. I call this the “I’m going to give you one more chance” approach. Set up a re-engagement email series. I call this the “I really don’t want to break up, but if you are not responding at all, well, it’s over” approach. No one method is necessarily better than the other. I’ve seen all 4 executed before. As I often say, the best practice here is the one that’s best for your subscribers (and your business).   I recently came across a great – creative, human, funny – example of #3, the last ditch “we missed you” email. Thanks to Suzanne Oehler who forwarded me this email. Check out this email from NTEN: The Nonprofit Technology Network The subject line – We miss you! - was certainly one that would stand out in many inboxes. The intro paragraph was short and to the point, but nothing crazy.   But then it got fun … and creative.   The first call to action read: “If you’d like to continue receiving NTEN emails, click here by Friday, August 2nd. Yay! This makes us very happy.” Again, they get right to the point. They even add a bit of “human” (Yay! This makes us very happy.) But it gets better. The “click here” link leads to hilarious Happy Dog video. IF you are a dog owner, you’ll love this.   The second call to action read: “If you’d rather not receive NTEN emails, we’re sad to see you go. Simply delete this email and in a short time your account with NTEN will be removed from our systems.” Nothing crazy. Direct. Clear. Simple. However, the “sad” link again goes to a video – this one goes to a Sad Cat Diary video. Warning: some language in this video is NSFW. Then again, if you’ve ever owned a cat, you’ll appreciate the humor.   The third, and final, call to action read: “Of course, if you change your mind, you can always sign up again” with the “sign up” link taking clickers to their email subscription landing page, of course.   Now, fun and creative is one thing. If campaigns like these do not meet their intended goals (getting folks re-engaged), then, well, they are just “fun and creative.”   So … Did It WORK?   I contacted the team at NTEN to see how effective this campaign was. Below is what they shared with me.   They sent this email to a list of 24,000 subscribers who had not opened in email from them in the past year.   For this particular campaign, they reported the following metrics:   Open rate – 38.89% vs. 26.73% “average” over the previous few emails Click-to-Open Rate* – 47.37% vs. 12.3% “average” over the previous few emails *in other words, of the 38.89% who opened the email, nearly 50% clicked at least one link   Of those who clicked a link, the Top 4 most-clicked links were:   41.14%: Click Here (Happy Dog … to stay subscribed) 4.91%: Unsubscribe 2.21%: Sign up 2.14%: Sad (Sad Cat … to opt-out) By all accounts, I’d say this “We Miss You” campaign was a HUGE success? What do you think? Have you tried a “reenagement campaign in the past? If so, how effective was it for you? Drop a note in the comments below!   P.S. The email marketing team at NTEN shared their “lessons learned” from this campaign in this blog post. I love their transparency. Is this article helpful ? YesNo
View full article
If you sent an email from the Lead Database (as a Single Flow Action), as part of a campaign, or as a test email but didn't receive it, here are some tips. Check the "From:" address When sending a test message, make sure to check the "From:" address setting on your message. To do this, go to the Email Settings tab of the email editor. In the "From:" field, make sure that you either have a single valid email address, or a valid email address as the default. Many people want to send their messages from the lead owner. When you use the send test feature, the email address you are sending to doesn't have a full lead record, and so it doesn't have a lead owner. Since Marketo cannot send an email with no "From:" address, test messages without a valid email address in the "From:" field will not send. Send as a Lead If you have verified that the email had a valid From: address and you still aren't getting it, make sure to create yourself as a lead and send using a flow action. See if the mail was sent If you sent the email as part of a campaign or Single Flow Action, check the campaign's Results tab or your lead detail page to see if that mail was already sent to you. If it hasn't been sent yet, try waiting a little while longer. Check your Junk Mail In your email client, check your Junk Mail or Spam folder to see if the mail landed there. If it did, you should change the content of your email. Check your corporate spam filter Your corporate mail server may have blocked emails from Marketo; you should contact your IT department to see if this is the case. Please see our instructions for whitelisting Marketo's email servers: Add Marketo to Your Corporate Email Whitelist​ Try sending to a different recipient If you sent the original mail to your corporate account, try sending to a personal account on Yahoo or Gmail. If you sent it to a personal account, try your corporate mail account.  Use Marketo's Email Deliverability product The Email Deliverability PowerPack , with Design Informant and Inbox Informant, can warn you when your mail is being rejected because of its content and help you identify junk mail pitfalls. Also, using Domain Keys and SPF improve the chances of your email landing in your leads' inboxes. Contact Marketo If you still can't figure out what happened contact Marketo to see if we can help.
View full article
No, if you have received the blacklist notification, you are not blocked from sending mail.  You can continue to mail while you work through the remediation steps. The only time we will ever block you from sending mail is if you trigger a listing at Spamhaus, the world’s most respected and widely used blacklist. If this happens, you will receive a call or email to let you know what’s going on and we will work with you to resolve the issue. This is a rare occurrence. Additional Resources: Can you give me the spam trap address that triggered the listing? What is a spamtrap, or spam trap, and why does it matter? What is a blacklist? How does Marketo respond to blacklisting and spam notifications? Top blacklists - What you need to know Blacklist Remediation Successful Reconfirmation
View full article
The Google Apps antispam system uses a unique means of whitelisting. Customers on shared IPs should whitelist Marketo's entire sending ranges, because we sometimes need to move customers between IPs for technical reasons. The way to whitelist a range in Google Apps is to configure a manual IP block with a pass through. G Suite enables you to specify an IP address or range of addresses within a domain, and allow messages from those addresses only. This feature is sometimes referred to as IP lock. In G Suite, you set up this feature in the Content compliance setting. IP lock is a method that readily enables an administrator to simultaneously whitelist all incoming traffic from a particular domain while equally preventing spoofing by manually defining the allowed IP ranges. The following instructions are particularly useful with domains that do not have an SPF record and/or use third party applications to legitimately spoof their address. Setting up IP lock with the Content compliance setting includes three separate procedures: Adding the domain, defining the allowed IP range, and setting the correct disposition and NDR. See this page of Google documentation for more information: Enforce 'IP lock' in G Suite - G Suite Administrator Help Instead of using a CIDR range, this interface asks for the first and last IPs in the given range. Here are ours: 199.15.212.0 - 199.15.212.255 199.15.213.0 - 199.15.213.255 199.15.214.0 - 199.15.214.255 199.15.215.0 - 199.15.215.255 192.28.146.0 - 192.28.146.255 192.28.147.0 - 192.28.147.255 94.236.119.0 - 94.236.119.63 185.28.196.0 - 185.28.196.255 103.237.104.0 - 103.237.104.255 103.237.105.0 - 103.237.105.255 130.248.172.0 -  130.248.172.255 130.248.173.0 -  130.248.173.255 Is this article helpful ? YesNo
View full article