Qualys is in the process of strengthening its email security posture, which includes alignment of SPF (Sender Policy Framework), DKIM (Domain Keys Identified Mail), and implementation of DMARC (Domain-based Message Authentication, Reporting, and Conformance) for various mailing domains used for its operations.
At present, the domain
is used for both Qualys corporate emails and Qualys Cloud Platform (QCP) customer emails. As a security best practice, we are segregating the corporate email domain from the platform bulk emails by using
, which would be the dedicated email domain for our platform emails. As a result, the domain used for account management emails, scan notifications, and daily vulnerability feed emails will change from
. Customers may require to add
to their approved senders’ lists and domains to avoid any quarantine or incorrect categorization of Qualys emails.
Shared Cloud Platform customers, who have configured their own (non-Qualys) domains in their subscription for email notifications on scan status and scheduled reports, will need to add the Qualys MX IPs mentioned below to their SPF records. In case customers have enforced strict DMARC, DKIM public keys need to be provided to Qualys Support to relay the customer emails.
v=spf1 ip4:126.96.36.199 ip4:188.8.131.52 ip4:184.108.40.206 ip4:220.127.116.11 ip4:18.104.22.168 ip4:22.214.171.124 ip4:126.96.36.199 ip4:188.8.131.52/20 ip4:184.108.40.206/24 ip4:220.127.116.11 ip4:18.104.22.168 ip4:22.214.171.124 ip4:126.96.36.199/22 ip4:188.8.131.52/23 ip4:184.108.40.206/24 ip4:220.127.116.11/24 ip4:18.104.22.168/22 ip4:22.214.171.124/22 ip4:126.96.36.199/22 ip4:188.8.131.52 ip4:184.108.40.206 ~all
Private Cloud Platform customers do not need to make any change if they have configured their own email domains and SMTP gateways. The default configuration for PCP email domains will also change to
The change of default domain for QCP emails to qualys.net is scheduled by mid-Dec, 2021 for the following applications:
- Qualys Web App Scanning
- Qualys Security Assessment Questionnaire
- Continuous Monitoring
- Malware Scanning
Similar changes will be implemented in other Qualys Cloud Platform apps by Q1, 2022. Customers are requested to take a note of this change and allow the new domain ‘qualys.net’ at the earliest.
We appreciate assistance from our customers in enhancing our platform security. For any queries, feel free to reach out to https://www.qualys.com/support/.