Qualys is in the process of strengthening its email security posture, which includes alignment of SPF (Sender Policy Framework), DKIM (Domain Keys Identified Mail), and implementation of DMARC (Domain-based Message Authentication, Reporting, and Conformance) for various mailing domains used for its operations.
At present, the domain
qualys.com is used for both Qualys corporate emails and Qualys Cloud Platform (QCP) customer emails. As a security best practice, we are segregating the corporate email domain from the platform bulk emails by using
qualys.net, which would be the dedicated email domain for our platform emails. As a result, the domain used for account management emails, scan notifications, and daily vulnerability feed emails will change from
@qualys.net. Customers may require to add
@qualys.net to their approved senders’ lists and domains to avoid any quarantine or incorrect categorization of Qualys emails.
Shared Cloud Platform customers, who have configured their own (non-Qualys) domains in their subscription for email notifications on scan status and scheduled reports, will need to add the Qualys MX IPs mentioned below to their SPF records. In case customers have enforced strict DMARC policies then they need to whitelist the mailing domain *@qualys.net on their email gateway/email security solutions.
v=spf1 ip4:184.108.40.206 ip4:220.127.116.11 ip4:18.104.22.168 ip4:22.214.171.124 ip4:126.96.36.199 ip4:188.8.131.52 ip4:184.108.40.206 ip4:220.127.116.11/20 ip4:18.104.22.168/24 ip4:22.214.171.124 ip4:126.96.36.199 ip4:188.8.131.52 ip4:184.108.40.206/22 ip4:220.127.116.11/23 ip4:18.104.22.168/24 ip4:22.214.171.124/24 ip4:126.96.36.199/22 ip4:188.8.131.52/22 ip4:184.108.40.206/22 ip4:220.127.116.11 ip4:18.104.22.168 ~all
Private Cloud Platform customers do not need to make any change if they have configured their own email domains and SMTP gateways. The default configuration for PCP email domains will also change to
The change of default domain for QCP emails to qualys.net is scheduled by end of Q4,2022 for the following applications:
- Qualys Web App Scanning
- Qualys Security Assessment Questionnaire
- Continuous Monitoring
- Malware Scanning
Similar changes will be implemented in other Qualys Cloud Platform apps by Q4, 2022. Customers are requested to take a note of this change and allow the new domain ‘qualys.net’ at the earliest.
We appreciate assistance from our customers in enhancing our platform security. For any queries, feel free to reach out to https://www.qualys.com/support/.