Authorized Senders

When a team list has 'Closed Group' enabled, only authorized email addresses can send messages to it. This protects your team from spam and unauthorized access.

How Authorization Works

When an email arrives at a team list address (e.g., myteam@tmsg.de), TeamMessage checks if the sender is authorized:

  1. The sender's email address is extracted from the incoming email
  2. TeamMessage checks if this address has send permission
  3. If authorized, the message is forwarded to all recipients
  4. If not authorized, the sender receives a rejection notice

Who Can Send?

Only team members with 'Send Permission' enabled on their email channel are authorized to send to team lists where they are a member.

Example:

To allow a monitoring system to send alerts:

  1. Add a member for the monitoring system (e.g., 'Nagios Server')
  2. Add an email channel with the system's sender address (e.g., nagios@server.local)
  3. Enable 'Send Permission' for this channel
  4. Assign the channel to the appropriate team lists

Tip

This approach keeps all sender management centralized in the member list. You always have a clear overview of who can send to which team list.

Wildcard Addresses

Instead of individual email addresses, you can use wildcards to authorize entire domains or address patterns:

  • *@example.com – Any address from example.com
  • *.name@example.com – Any address ending with .name@example.com

Example:

To allow all employees of a company to send alerts:

  1. Add a member (e.g., 'Company Staff')
  2. Add an email channel with the wildcard address: *@company.com
  3. Enable 'Send Permission' for this channel

Now anyone with an @company.com email address can send to the team list.

Tip

Wildcards are useful when you have many senders from the same domain, such as a company's email domain or a shared hosting environment.

Authentication Method

TeamMessage offers two methods for checking the sender address:

Secure (Envelope Sender)

Only the envelope sender (SMTP 'MAIL FROM') is checked. This is the more secure option because the envelope sender is harder to forge.

Flexible (Header Sender)

Both envelope sender and header sender ('From:' header) are accepted. Use this if your email setup doesn't preserve the envelope sender correctly.

Note

Most email setups work fine with the secure method. Only switch to flexible if you experience authorization problems.

Open vs. Closed Groups

The 'Closed Group' setting on a team list determines whether sender authorization is enforced:

  • Closed Group (default) – Only authorized senders can send to the list
  • Open Group – Anyone can send to the list (no authorization check)

Tip

Keep 'Closed Group' enabled for security. Open groups should only be used for public submission forms or similar use cases where you explicitly want to accept messages from unknown senders.

Troubleshooting

If a sender receives rejection notices unexpectedly:

  • Verify the sender's email address matches exactly (including domain)
  • Check if 'Send Permission' is enabled for their member profile
  • Try switching to 'Flexible' authentication if using email forwarding
  • Ensure the sender is added as a member with an email channel in the team list
Menu