Service Desk spoofing out emails

Matthew Brown
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
September 9, 2018

We have noticed that some incoming emails from Atlassian for Jira ticket response notifications are attempting to spoof the respondents’ email addresses from our domain.

In an attempt to temporarily allow these spoofed emails to reach us, we added _spf.atlassian.net to our SPF record. However, the source IP addresses of the incoming spoofed email do not match any of the IP ranges included in _spf.atlassian.net.

We would like to stop Jira from spoofing our domain. If this is not possible, we need to know the correct information to add to our SPF record.

1 answer

0 votes
Angélica Luz
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 11, 2018

Hi Matthew,

Just to make sure that we are on the same page, would you like Jira to send notifications on behalf of your domain?
Have you added _spf.atlassian.net on your domain to allow the emails?
If possible, can you please send us a screenshot of these emails that you are receiving?

To add the SPF record, you must follow the steps provided in the documentation below:

- Configuring Jira Cloud to send emails on behalf of your domain

Then you can check here if it was added correctly.

Please let us know more details of the issue you are facing so that we can check what the cause is.

Regards,
Angélica

Matthew Brown
I'm New Here
September 12, 2018

.

Frank Perez
I'm New Here
September 12, 2018

Hi Angelica,

Thank you for your response. I am the Systems Engineer at CPP working with Matthew on this issue.

As stated in Matthew's original post, we do NOT want Jira spoofing our email domain. But it is, so we attempted temporarily adding _spf.atlassian.net to our SPF record. However, the incoming spoofed email from Jira is coming from IP addresses that are NOT included in _spf.atlassian.net. So they still get rejected....

So we either need to know how to get Jira to stop spoofing us when sending response notifications for tickets (We STILL want to receive these notifications). Or, we need to know the actual IP ranges that these emails will be coming from, because they're not coming from the ranges included in _spf.atlassian.net (Review it here).

I've attached a screenshot of our logged rejected spoofed email from Atlassian.

Thanks.

spoofed_jira_email.png

Angélica Luz
Atlassian Team
September 14, 2018

Hi Frank,

Thank you for the details.
I've checked the screenshot and validated that those IPs are listed as "Outbound email" in our documentation, so you should allow those IP ranges.

Here it shows the list:

- Atlassian Cloud IP ranges and domains

Can you please test and let us know if it works?

Regards,
Angélica

Frank Perez
I'm New Here
September 17, 2018

Thank you, Angélica.

If Atlassian is using those IPs for outbound email, they should add them to their SPF record (_spf.atlassian.net), especially if they are spoofing customer domains, as in our case.

How can we get Jira/Atlassian to stop spoofing us?

Thanks.

Angélica Luz
Atlassian Team
September 19, 2018

Hi Frank,

I've searched more about these emails that you are receiving, and it looks like your instance is being affected by a bug:

- https://jira.atlassian.com/browse/JRACLOUD-69423

Please click on vote and watch to receive updates about the bug, which is almost resolved.

Regards,
Angélica
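
The SPF evaluation behind the rejections discussed in this thread, as an added example that is not part of the original posts and is not Atlassian's code: it walks a record's `ip4`, `ip6`, `include` and `all` terms for a connecting IP and reports which term decided the result. The TXT records, the `customer.example` domain and all IP addresses are constructed from documentation ranges and are assumptions, not the real contents of `_spf.atlassian.net`.

```python
import ipaddress

# Constructed TXT records using documentation ranges (RFC 5737 / RFC 3849).
# These are NOT Atlassian's published ranges; customer.example is hypothetical.
SAMPLE_TXT = {
    "customer.example": "v=spf1 ip4:203.0.113.0/24 include:_spf.atlassian.net -all",
    "_spf.atlassian.net": "v=spf1 ip4:192.0.2.0/25 ip6:2001:db8:10::/48 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(ip, domain, txt=SAMPLE_TXT, depth=0):
    """Evaluate the ip4, ip6, include and all mechanisms (RFC 7208) for a
    connecting IP against the envelope-sender domain's record.
    Returns (result, deciding_term). Mechanisms that need live DNS
    (a, mx, exists, ptr) and the redirect modifier are skipped."""
    if depth > 10:  # guard against include loops (RFC 7208 limits lookups to 10)
        return "permerror", "include depth"
    record = txt.get(domain.lower().rstrip("."))
    if record is None or not record.lower().startswith("v=spf1"):
        return "none", None
    addr = ipaddress.ip_address(ip)
    for raw in record.split()[1:]:
        qualifier, term = ("+", raw) if raw[0] not in QUALIFIERS else (raw[0], raw[1:])
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier], raw
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qualifier], raw
        elif name == "include":
            inner, _ = check_spf(ip, value, txt, depth + 1)
            if inner == "pass":  # only an inner pass counts as a match
                return QUALIFIERS[qualifier], raw
            if inner in ("none", "permerror"):
                return "permerror", raw
    return "neutral", None  # no mechanism matched and no "all" term


if __name__ == "__main__":
    # Constructed sender IPs: the second is outside every listed range, which
    # is the situation the thread describes (include present, mail rejected).
    for ip in ("192.0.2.10", "192.0.2.200", "2001:db8:10::5"):
        print(ip, check_spf(ip, "customer.example"))
```

Running the same function over the source IP from a rejection log and the live TXT records (fetched separately) shows whether the `include:` actually covers that sender or whether the record's final `all` term decided the outcome.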
