Configure Email Security

Email delivery issues are sometimes caused by simple missteps. Review these initial steps before continuing through more advanced troubleshooting.

UKG Pro emails are sent from UKG’s data center directly to the servers listed in the Simple Mail Transfer Protocol (SMTP) recipient domain MX (Mail Exchanger) records.

If emails are sent from UKG Pro using your domain addresses in the From field using spoofing, have your IT team configure your DNS/SPF records to approve sending from the IP addresses listed in these steps.

  1. Ensure valid From and To addresses are included in all emails from UKG Pro solutions:
    • There are no blank From fields.
    • Email addresses have the correct spelling.
    • Recipient email addresses are associated with valid mailboxes.
  2. Check Spam, Quarantine, Trash, Junk filters, email rules, and folders.
  3. Configure email security to allow UKG to send emails on behalf of your company's domain.
  4. Configure Sender Policy Framework (SPF):
    • To use an Include Statement, use this domain that includes all necessary Internet Protocol (IP) addresses: include: _spf.ultipro.com
    • To add by IP address, use IP4:address and these IP addresses:
      • Atlanta - secmail.ultipro.com or 208.86.168.7
      • Las Vegas - secmail.ultipro.com or 135.84.68.123
      • Toronto - secmail.ultipro.ca or 206.152.14.54

    Note:

    The Toronto entry is not required for environments located in E (Atlanta) and N (Las Vegas).

  5. Configure DomainKeys Identified Mail (DKIM). Emails from ultipro.com and ultimatesoftware.com are sent with a DKIM signature that references the UKGPro.com Domain Name System (DNS) servers. This configuration allows UKG to rotate keys. No additional configuration is needed on your end. MXToolbox contains UKG’s most up-to-date customer domain key configuration.
    You can check the headers of any email from a UKGPro domain and see if DKIM passes, which means the message’s integrity is confirmed.
    Authentication-Results: mx.google.com
    dkim=pass header.i=@ultipro.com
    With the combination of our existing DKIM and SPF record configuration, whoever receives an email from UKG Pro from these domains can verify that the email:
    • Came from the sender it claims to come from.
    • The message content has not been modified in transit.

    Note:

    For domains other than ultipro.com or ultimatesoftware.com, UKG supports DKIM signing on behalf of spoofed domains. You may open a support case to learn about the steps needed to have DKIM configured. Be sure to include the following information when opening a case:

    • Domain or domains that will have DKIM signing enabled.
    • If there are any subdomains.

  6. Check with your IT department if your email service leverages Transport Layer Security (TLS), which UKG uses. If your email service supports TLS encryption, the email communication will default to TLS.

    Note:

    You also have the option to use forced TLS, which can be configured by a UKG representative. When forced TLS is enabled for email communication, if your organization's TLS certificate expires or is revoked, email will stop flowing.

Related Topics
Parent topic: Notifications

Last Updated: 11/8/2024 6:45:51 p.m.