Hello, using Gravity Forms on our company website. The forms send using the {admin} email in WordPress, which is one of our domain emails. Our email threat protection flags the form submission emails as Spoof emails since Gravity Forms sending servers are coming from outside our sending M365 servers. Reached out to our email service, and they advised that to clear the Spoofing flag, a rule can be created if we know the CIDRs used by Gravity Forms (seems it uses ASW servers, with 4 ranges I was told). Alternatively, they asked if we could add “something /tag” unique to Gravity Forms that gets added to the generated emails’ headers, and then we could filter them by that. Does anyone know how to do this, or know the CIDR used by the forms? As far as the individual submissions IP addresses go, we tested by completing a form 3 times in a row and each submission email came from a different IP. I believe this is why they asked me to look into the CIDR? Using a different email (from outside our domain) in the {admin} or form directly, would solve this but hoping to solve this by using one of domain emails. Thank you for any advice. Sam
Hi Samuel. The emails are not sent through any of our servers, so you don’t need our IP addresses. You would need the IP addresses or CIDR blocks for the web server or mail server that is sending the email for your website.
As far as adding a header to avoid any of the IP address information, you can use the gform_pre_send_email filter. See the code example here:
We also posted something similar here:
Regarding headers for notification emails, you can also reference GF_ENABLE_NOTIFICATION_EMAIL_HEADER and the filter gform_notification_email_header to customize content.