To receive emails from Kallidus systems, the FAQ below will help you and your internal IT set up the correct email configuration to improve email deliverability. If you are sending emails to any mail server not under your IT department's control to whitelist, you must set up SPF and DKIM to allow email delivery.
You should ask your messaging team, IT team or ISP to:
- Allow our mail servers to relay for your domain by adding the addresses to your SPF record. This will allow Kallidus systems to legitimately send email from your domain, which third-party email servers may otherwise reject.
- Implement DKIM signing for email originating from Kallidus. DKIM is a method of digitally signing email with a key that an external recipient can validate, providing the recipient server with an additional level of trust.
- Add our mail server addresses to the whitelist for sending servers. This will ensure that email is not flagged as spam or filed as junk.
- For important messages, ensure that your system is configured to send text messages.
How do I implement SPF?
To authorise Kallidus to send email on your behalf, you must add our SPF mechanism to your SPF record:
- include:kallidus-suite.com
To confirm that your SPF record passes validation checks, use an SPF Query Tool:
If validation fails with Too many DNS lookups, you can add the individual Kallidus mail relay servers to your SPF record instead:
- a:mailrelay.kallidus-suite.com
- a:mailrelay1.kallidus-suite.com
- a:mailrelay2.kallidus-suite.com
- a:mailrelay3.kallidus-suite.com
- a:mailrelay4.kallidus-suite.com
How do I implement DKIM?
Your organisation need to update the DNS records of your domain so systems can locate the domain key for email verification. We specify two keys to allow for rotation and replacement as a security measure, so both entries should be added to your DNS by your IT team.
Two CNAME records are required:
- kal1._domainkey.your_email_domain.com points to dkim1.kallidus-suite.com
- kal2._domainkey.your_email_domain.com points to dkim2.kallidus-suite.com
Examples:
Please open a support ticket once the records have been added and we will enable DKIM signing of emails.
Kallidus do not recommend adding server IP addresses to whitelists as these may change.
Support for “Reject Direct Send” in Microsoft Exchange Online
“Direct Send” is a term used by Microsoft to describe messages sent directly to mailboxes from customer-owned domains with no additional authentication.
Where a From address uses a customer-owned domain and the recipient mailbox resides on the Exchange Online platform, messages from Kallidus systems are considered Direct Send messages. In June 2025, Microsoft released preview functionality in Exchange Online to enable administrators to reject Direct Send messages.
Currently, Kallidus does not support the use of this functionality, and, in this scenario, messages sent from Kallidus will be rejected by Exchange Online. Kallidus is working to improve support for authentication with Exchange Online, but has no date for its availability at this time. In the short term, impacted customers should either:
- Implement a rule to allow Kallidus messages to be delivered
- Use an “@kallidus-suite.com” address for sending from Kallidus
- Not enable “Reject Direct Send” on Exchange Online