Implementing allowlisting
Spam filters are sensitive and particular, but there are a few basic steps that we recommend you and your IT team take before your first send from Axios HQ to help ensure your editions land in your audience’s inboxes!
Table of Contents
- Review your settings
- Implementing allowlisting
- Domains and HQ addresses
- Spam filters
- Rate limiting and bulk rules
- Senders and distribution lists
- Sending externally
1. Review your settings
Remember, Axios HQ is spoofing your address, which your rules are built to block. This article will cover recommendations for adjusting your guardrails and adding exceptions your team likely has in place.
You're the expert of your systems! Please review these settings in your configuration in order to capture anything that may block HQ messages from your recipients' inboxes.
2. Implementing allowlisting
IP Addresses
We recommend allowlisting based on IP address where possible. Your messages may be sent from any of the following IPs, which are owned by Axios HQ and shared between our clients:
- 161.38.197.185
- 161.38.193.72
- 161.38.199.137
- 69.72.40.213
- 198.244.48.62
- 161.38.203.217
- 161.38.202.169
- 69.72.45.20
- 69.72.39.145
- 198.244.56.18
Remember to review any rules, exceptions, and anti-spoof blockers, and add these IPs or the following domains where applicable.
3. Domains and HQ addresses
Ensure *.axioshq.com/ is not blocked in your firewall settings. If allowlisting specific domains is relevant to your setup, please also add the following:
- images.axioshq.com
- assets.axioshq.com
- images.axiosplus.com
- t.axioshq.com
- images.unsplash.com
Safe-sender these specific addresses:
- noreply@axioshq.com
- help@axioshq.com
If your team is using a Custom Domain, there may be additional records your team will need to allowlist. Review the linked document to determine what is relevant in your setup.
- Links will redirect with your custom CNAME record to track clicks. Your tracking pixel will also come from this domain.
- Additionally, this CNAME record should be added to any VPN/LAN networks you may have on your office or campus.
- It will look something like email.subdomain.domain.com.
4. Spam filters
Here are some helpful notes for specific systems your team may use:
- Microsoft / Exchange / Outlook: Sending with Outlook and its corresponding Microsoft software often requires manipulating security settings in multiple locations.
There are many settings in Outlook that relate to Allowlisting; please review configurations in the Microsoft Admin Center, Trust Center, Microsoft Defender, and GPO.
Click here to see what settings we recommend when sending through Outlook.
- Mimecast: Certain policies within Mimecast may need exceptions, and an update should take place in what is blocked by "URL protection settings" if images will not display. Rules should be configured for Axios HQ IP addresses and ensure any impersonation protections that are in place can be circumnavigated by our software if you choose to integrate with a Custom Domain. Additionally, we recommend you review Mimecast's Anti-Spoofing SPF Bypass policy
- Proofpoint: Proofpoint may require adding Axios HQ IP addresses and domains to the Anti-Spoofing Exceptions List to bypass any inplace anti-spoof protection. This may only be relevant if your team is integrating with a Custom Domain. Proofpoint may also rate-limit your sends if you are sending to a large audience.
5. Rate limiting and bulk rules
Rate Limiting is a method of controlling or restricting email flow to your server by limiting the number of messages that can be received within a certain period of time. Bulk rules, or bulk threshold rules, control these rate limits.
⏫ This setting is particularly relevant for organizations that intend to send to an audience with tens of thousands of recipients.
If your organization has limits in place, messages may take minutes or hours to send to your entire audience. Some messages may even ultimately fail or bounce if your servers do not allow the message through in time.
Review rate-limiting settings before sending to large audiences to ensure that this does not affect your team!
6. Senders and distribution lists
📬 Senders
Axios HQ allows you to customize the Title, Byline, Sender name, and Send-from email address on the Settings page.
Some names and addresses may have strict requirements, and more easily trigger spam quarantine conditions. Examples include sending as the CEO, president, or other high ranking positions. These settings may be on their email address or name.
Review these specific rules, especially if your team intends on sending on behalf of someone else!
📁 Distribution Lists
Certain distro lists may have restrictions on who can send to them.
If you are connecting with a Directory Sync integration, this won’t be an issue: Directory Sync imports your lists and sends to each individual directly, rather than to the distro, so any overarching rules on the distro email will not apply. This allows us to capture analytics at an individual level.
If you intend to send to a distribution list, please check the restrictions that may prevent an outside source like Axios HQ from properly sending.
7. Sending externally
Unlike an internal audience, where every employee would be covered under the same allowlist umbrella, an external audience is full of individuals with different email clients and settings.
If you’re planning to use Axios HQ to send updates outside of your organization, we highly recommend some additional steps:
- Send from an email address your audience will recognize by setting up a custom domain with Axios HQ! By default, all HQ newsletters send from our basic address noreply@axioshq.com, but we can customize this to match your organization.
- Encourage your audience to safe-sender whatever address you’re sending from: if their inbox recognizes the incoming email, it won’t end up in spam.