Allowlisting Easy Employer Emails (Client IT Guide)

Updated 2026-01-23 04:47:45 UTC Created 2025-12-29 05:03:53 UTC

This guide helps your IT team ensure that Easy Employer transactional emails (such as account activation emails) are delivered reliably and are not incorrectly filtered as spam.

NOTE: The most reliable allowlisting approach is to trust authenticated mail (SPF, DKIM, and DMARC) and allowlist by domain and verification results. IP allowlisting is not recommended unless your security gateway requires it, because cloud sender IPs can change. 

Contents

 

Easy Employer sends automated, account-related emails (such as activation and password setup notifications). Some email security platforms apply stricter filtering to automated messages by default, even when SPF, DKIM, and DMARC authentication passes. Allowlisting ensures these business-critical emails are delivered reliably.

What to allowlist

Easy Employer transactional emails may use the following identifiers.

Type Value What it means
From domain easyemployer.net The visible sender domain in the From address.
Return-Path (bounce) domain bounce.easyemployer.net The envelope sender used for delivery and bounces.
Example From address comms+prod@easyemployer.net An example sender used for transactional messages.
Sending service Amazon SES (ap-southeast-2) Cloud email service used to send the message.
Example sending host b232-15.smtp-out.ap-southeast-2.amazonses.com SMTP host observed in the message headers.
Example sending IP 69.169.232.15 An IP observed in the message headers. This can change over time.
TIP: If your mail system supports it, prefer allowlisting based on authentication results (SPF PASS, DKIM PASS, DMARC PASS) and domain alignment for easyemployer.net

Recommended allowlisting approach

Use the following approach in priority order:

  1. Allowlist by domain and authentication: Permit messages where the From domain is easyemployer.net and the message passes SPF and DKIM, with DMARC passing for easyemployer.net.
  2. Allowlist the bounce domain: Ensure bounce.easyemployer.net is not blocked, since it is used as the Return-Path for delivery.
  3. Only if required, allowlist IPs: Some secure gateways require IP allowlisting. Use this only if necessary, because IPs can change with cloud sending services.

Microsoft 365 and Exchange Online steps

These are common approaches used by IT teams. The exact option names can vary depending on your Microsoft security licensing.

Allowlist the sending domains

  • Add easyemployer.net and bounce.easyemployer.net to your allowed sender or allowed domains list in your email security policy.
  • If you use Microsoft Defender for Office 365, review your anti-spam inbound policy and allow list entries.

Use authentication-based allow rules

  • Create a rule that permits mail where DMARC = pass for easyemployer.net.
  • If your system supports it, require DKIM = pass for the From domain.
NOTE: Avoid broad allow rules that bypass malware scanning. Use the narrowest scope possible, ideally based on domain and authentication results. 

Google Workspace Gmail steps

If you manage Gmail delivery policies via Google Workspace, you can improve delivery using domain and authentication signals.

  • Allowlist the sender domain easyemployer.net.
  • Ensure bounce.easyemployer.net is not blocked, since it can appear as the envelope sender (Return-Path).
  • If you use Gmail compliance rules, prefer rules that permit mail when DMARC passes for the From domain.

Secure email gateways (Mimecast, Proofpoint, Barracuda)

If you use a secure email gateway, apply allowlisting in the gateway first, then confirm the message is not being quarantined downstream.

  • Allowlist easyemployer.net as an approved sender domain for inbound mail.
  • Allowlist bounce.easyemployer.net as an approved envelope sender domain.
  • If the gateway supports it, allow based on authentication results (SPF, DKIM, DMARC) and alignment.

How to verify an email is authentic

If you have a sample email, check its headers for these outcomes:

Header field Expected result Why it matters
SPF pass Confirms the sending service is authorised to send for the envelope sender domain.
DKIM pass Confirms the message is signed and has not been altered in transit.
DMARC pass Confirms alignment and policy handling for the From domain.
From domain easyemployer.net Used by inbox providers for trust and alignment decisions.
Return-Path bounce.easyemployer.net Used for delivery, bounces, and SPF evaluation.

Troubleshooting

Emails are delivered but going to Junk or Quarantine

  • Confirm your allow rules are applied to the correct mail flow (gateway versus mailbox level).
  • Check if a user has a mailbox rule that moves mail to Junk or another folder.
  • Confirm the message passes SPF, DKIM, and DMARC in the received headers.

Emails are not arriving at all

  • Check secure gateway quarantine and message tracking.
  • Search for the subject and the sender domain in message trace tools.
  • Confirm whether mail is rejected or deferred, and capture the rejection reason if present.