What is allowlisting?
An important authentication step, allowlisting is the practice of explicitly authorizing a specific domain and sending IP to have access to a particular privilege, like delivering emails. Allowlisting is sometimes referred to as “whitelisting” and can be described as a way to ensure internal delivery or as creating a safe sender list.
If you’re having trouble either receiving your own email campaigns or others in your company aren’t receiving your campaigns, you may want to ask your IT team to allowlist our addresses. While everything that you are sending via your account is coming from our servers, sometimes there can be a problem when account users send emails from us to their own email account on their own server. Generally, the reason for this is that you set a sender address in your account that claims to be coming from “@yoursite.com” so none of your recipients will be wise to the fact you are actually using an email service provider (ESP).
This is all well and good, but when the emails come from our system to your server, your server is sophisticated enough to know that the email claims to be internal (@yoursite.com) but is actually coming from our sending domain (e2ma.net).
Since external emails claiming to be internal emails is a somewhat common spamming tactic, your server may prevent this from happening; which is where allowlisting comes into play. The information in this article should give your IT team everything they need to set up allowlisting on your behalf.
We recommend setting up allowlisting at all points where incoming emails are checked, as other forms of authentication can be affected by internal relays or hops through multiple servers.
While rare, occasionally it may be necessary for external recipients with private domains to allowlist our IP range if they have stringent cybersecurity measures in place. This is most often the case with government agencies, financial institutions, medical groups, and other similar organizations.
Our sending domain and IP range
By having your IT team allowlist e2ma.net and our sending IPs below, you are telling your server that we can be trusted and not to block the emails we send to your server on your behalf.
| Sending domain: | e2ma.net |
|---|---|
| IP range: | 139.60.0.0/22 |
If your system does not allow the above /22 IP range, then you can use these IP ranges instead:
- 139.60.0.0/24
- 139.60.1.0/24
- 139.60.2.0/24
- 139.60.3.0/24
Alternative methods of allowlisting
Some organizations will not allowlist an IP range or a domain, for a variety of reasons. If your organization falls into this category, here are some other ways that your IT team could potentially allowlist your messages:
Allowlist based on DKIM signing
Once DKIM is set up in your email marketing account, your IT team can set up allowlisting so that only messages that are DKIM signed on your domain are able to pass the allowlisting. No other customers would meet this requirement, so only mail from your account(s) would be allowlisted. If you have not yet set up DKIM in your email marketing account, please refer to our DKIM authentication setup guide and, if applicable, our DKIM for tiered accounts article.
Allowlist based on account ID
The return-path domain for all emails sent from our system is e2ma.net. The format of the full return-path will be [mailing ID].[account ID].[audience member id]@e2ma.net. While the mailing ID and audience member ID will change with every mailing, the account ID will stay consistent through all of your mailings. This means, your IT team might be able to set up a allowlisting rule that says something like “allowlist all messages that come from the domain e2ma.net AND contains 1234567.” Of course, 1234567 would be replaced with your (sub)account’s ID.
If your IT team is familiar with Regex, this formula can be used to capture all messages sent through our system that come from your account: .*acct_id.*@e2ma.net. You will need to replace “acct_id” with your actual account ID for this to work. If you have a tiered account, this would need to be done for each subaccount that you are sending from.