Hi,
I believe there should be a separate source added for GoDaddy Advanced Email Security, which currently uses ProofPoint as their security vendor.
The reason I believe a new source should be added is because the DNS records for GoDaddy Advanced Email Security are both found in a different area of the website as well as completely different to both ProofPoint and GoDaddy’s regular services.
GoDaddys available documentation is also lacking clarity with many of their guides not providing the information and when they do it’s not clear enough.
At the same time ProofPoint as well lacks a warning/section alerting users that users of GoDaddy’s Advanced Email Security should use a different set of DNS records / find them via one of the options below:
Feedback has been provided to both GoDaddy & Proofpoint, GoDaddy have vowed to improve their documentation and Proofpoint have passed the feedback onto their support and marketing teams to see what they can do to clear this up.
How/Where do I find my GoDaddy Advanced Email Security settings:
-
Option 1: Look at the highlighted section over at https://www.godaddy.com/en-au/help/add-an-spf-record-to-my-domain-for-microsoft-365-40499#:~:text=If%20you%20use%20Microsoft,secureserver.net%20~all. you must make sure
-
Option 2: Sign into https://productivity.godaddy.com/, navigate to users and next to a user click “Manage” and then choose “Set Mail Destination” and you’ll see a full list of DNS records.
-
Option 3: Use the following DNS Records:
CNAME autodiscover autodiscover.outlook.com
MX @ 0 mx1-usg1.ppe-hosted.com
MX @ 0 mx2-usg1.ppe-hosted.com
MX @ 0 mx2-usg1.ppe-hosted.com
TXT @ "v=spf1 include:_spf-usg1.ppe-hosted.com include:secureserver.net ~all"
You could alternatively use: a:dispatch-usg1.ppe-hosted.com
instead of include:_spf-usg1.ppe-hosted.com
which will save you 1 SPF lookup
You could alternatively also use include:spf-0.secureserver.net
instead of include:secureserver.net
which again will save you one SPF lookup
Logically you could also probably use include:spf.protection.outlook.com instead of include:spf-0.secureserver.net
OR include:secureserver.net
because if you’re sending emails through Office365 with Advanced Email Security from GoDaddy then you shouldn’t need to be authorizing GoDaddys regular IPs… This would again save you another SPF lookup.
Bare in mind with these alternatives down the line there could be issues with sources not being whitelisted/authorized if they add extra lookups
Hopefully this information helps someone!