APM Email notification is reported to be sporadic.
Investigation reveals that email notifications generated by Internal APM Users, such as approval notifications, are not received by other internal APM Users who are expecting them, while emails generated by APM Server processing scheduled actions, such as Alarm notifications, are received by Users on Notification list.
IT investigation reveals that emails are being blocked with the following message:
550 5.7.509 Access denied, sending domain [yourdomain.com] does not pass DMARC verification and has a DMARC policy of reject.
This is that your organization's email policy is preventing the delivery of the email.
Note that Bentley APM uses SendGrid as a 3rd party SMTP Service Provider.
In our most recent case, the issue was that the email policy was set to reject with DKIM Signature less than 2048bit. The default DKIM signature applied to emails forwarded via SendGrid from a non-registered domain is only 1024bit.
These emails are being generated by a trusted source. A request must be submitted to your IT security team to work with us to ensure that APM emails are trusted and pass DMARC verification.
The emails are distinctly identifiable because the email header.from (ORIGINATOR) would be yourdomain.com and the smtp.mailfrom (SENDER) would be sendgrid.net
There different options your IT can implement to establish trust to accept APM User generated emails:
In case that it is the 2048bit signature that is required, here are steps to follow to authorize internal APM User emails to other internal APM Users:
Microsoft: 550 5.7.509 Access denied
Microsoft: Create safe sender lists | Microsoft Learn