Views:

After adding a domain, perform required configurations to finish provisioning the domain. On the Domains screen, any domain missing required configurations is in the "Configuration required" status, and a red exclamation mark will be shown next to the field that requires your operation or reports any problem. You can hover over the exclamation mark to view the detailed error message.

After you finish all required operations, the status of the domain will change from "Configuration required" into "Completed."

  1. In the General section, verify your domain.
    1. Add the TXT record provided on the console to your domain's DNS configuration to prove that you own the domain.
    2. Click Verify.

      The message "Domain verified" appears if the domain verification is successful.

    If you have difficulty adding the TXT record, you can add an MX record for your domain instead:

    Add an MX record for the Hosted Email Security server with the highest preference value.

    • For Europe, the Middle East, Africa: in.hes.trendmicro.eu

      <your_domain>  MX preference = 20, mail exchanger = <your_domain_mta>
      <your_domain>  MX preference = 32767, mail exchanger = in.hes.trendmicro.eu

    • For all other regions: in.hes.trendmicro.com

      <your_domain>  MX preference = 20, mail exchanger = <your_domain_mta>
      <your_domain>  MX preference = 32767, mail exchanger = in.hes.trendmicro.com
    Note:

    In the preceding MX record, the second preference value 32767 is only used as an example. When setting the second preference value, make sure it is larger than the first preference value, which means this route has lower priority than the first one.

    To learn more about MX records, see About MX Records and Hosted Email Security.

    If your domain does not pass the verification, the default antispam and antivirus policy rules for the domain will be locked and cannot be changed.

    Tip:

    DNS propagation can take up to 48 hours. The status of the domain you are adding does not change until DNS propagation is complete. During this period, do not turn off any on-premises security. While waiting for DNS propagation, you can use the administrator console to customize the domain settings for features such as Policy, Recipient Filter, Sender Filter, Policy Objects, BEC, and IP Reputation.

    If the domain stays as unverified for more than 48 hours, confirm that the TXT record or MX record for the domain is correct.

    • For Linux, run one of the following commands:

      dig txt <domain_name>

      dig mx <domain_name>

    • For Windows, run one of the following commands:

      nslookup -q=txt <domain_name>

      nslookup -q=mx <domain_name>

  2. In the Inbound Servers section, complete the following configurations:
    1. Configure your firewall to accept email messages from the following Hosted Email Security IP addresses or CIDR blocks:

      Europe, the Middle East, Africa:

      52.48.127.192/26

      52.58.62.192/26

      52.58.63.0/25

      All other regions:

      54.86.63.64/26

      54.219.188.0/26

      54.219.191.0/25

      Note:

      If you are using a third-party IP reputation service, add the preceding Hosted Email Security IP addresses or CIDR blocks to the approved list of the IP reputation service, or disable the third-party service and enable Hosted Email Security to perform IP reputation-based filtering for you.

    2. Click Test Connection.
    3. Point the MX record of your domain to the Hosted Email Security server with the lowest preference value.

      • For Europe, the Middle East, Africa: in.hes.trendmicro.eu

        <your_domain>  MX preference = 20, mail exchanger = <your_domain_mta>
        <your_domain>  MX preference = 10, mail exchanger = in.hes.trendmicro.eu

      • For all other regions: in.hes.trendmicro.com

        <your_domain>  MX preference = 20, mail exchanger = <your_domain_mta>
        <your_domain>  MX preference = 10, mail exchanger = in.hes.trendmicro.com

      To learn more about MX records, see About MX Records and Hosted Email Security.

    4. Click Verify to verify the inbound servers you added.

      The message "Inbound servers verified" appears if the inbound server verification is successful.

    5. Type an email address next to Send test message to to verify that messages are being delivered from Hosted Email Security.
  3. In the Outbound Servers section, complete the following configurations:
    1. If your domain has SPF records, make sure the following record is also included:

      spf.hes.trendmicro.com

      For details on adding SPF records, see Adding SPF Records.

    2. Click Verify.
    3. Route your outbound mail server to the following Hosted Email Security MTA for your region:

      Europe, the Middle East, Africa: relay.hes.trendmicro.eu

      All other regions: relay.hes.trendmicro.com

  4. If you currently use Office 365, configure Office 365 connectors to allow email traffic to or from Hosted Email Security MTAs.

    See Adding Office 365 Inbound Connectors.

    See Adding Office 365 Outbound Connectors.

Parent topic: About Domain Management