Cryptographic signatures solve a lot of anti-spam problems, and at my organization are not subject to alteration by their "safelinks" product. Can this be enabled? I'd be willing to buy a cert if needed.
Hi Michael, no, the Send email action can't attach a cryptographic signature. Automation hands the message to Atlassian's mail servers to send, so there's no point where you can sign it with your own S/MIME or PGP certificate. Buying a cert won't help here because the action gives you nowhere to apply it.
Arkadiusz is pointing you somewhere useful though. What you can improve for anti-spam is domain authentication, so SPF, DKIM and the DMARC record he linked. That's what mail providers check to decide your automation mail is legitimate, and getting all three aligned is usually what keeps these out of spam. On Cloud, Atlassian already publishes SPF/DKIM for its own sending domain; your part is the DMARC record, and if you send from your own domain, aligning that domain's SPF/DKIM too.
If a per-message cryptographic signature is a hard requirement, the route is to take the send off the native action: use a Send web request (or your own SMTP relay/gateway) to a mail service that signs with your certificate, and let that system deliver the message. The signing happens on your side, not inside Jira.
Which of the two you need comes down to the goal, deliverability is the domain-auth route, a genuinely signed message is the external-relay route.
Hello and Welcome to Atlassian Community @Michael S_ Williamson
It depends a little on what kind of “signature” you mean.
Atlassian Support it partly What are the DNS records required for configuring DMARC? | Atlassian Support
Best,
Arek🤠
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
S/MIME cryptographic signatures of the email message itself is what I'm looking for. We have this inline product called "Safelinks" at my institution that annoyingly re-writes URLs on all unsigned emails, making them pretty much unreadable.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hm, you can also Use Automation's Send web request action to route the notification payload to an external service or internal mail gateway that handles S/MIME signing before delivery.
You need either policy tweak or external relay.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.