Categories
Archives
Setting up secured emails
Historically, the process for establishing a secured link between a domain name and an email provider has been pretty loose. In the past decade, the process has been refined and now we have a very clear path for establishing a connection between these two parties. The first thing you will to do is gain access to your domain provider or name server provider. We are going to need to update several DNS records to get everything into place. If you are uncomfortable with DNS records feel free to reach out to your support contact at Captavi to have this completed for you.
Sender Policy Framework (SPF) Records
Commonly referred to by their abbreviation the SPF record. Previously this was its own record type at the DNS level. This has since been deprecated. You will now utilize TXT records to store SPF data. A typical format for a TXT record containing SPF information would be the following:
v=spf1 include:email-od.com ~all
If you use google mail as your email provider you'll need to merge the two TXT SPF records into one record.
This is as simple as adding a second "include:" to your string. An example could be:
v=spf1 include:email-od.com include:spf.protection.outlook.com ~all
It is important to note that you will NOT wish to copy the above outlook example. Google and Outlook may have updated SPF requirements. It is always best to determine the latest requirements directly from their documentation. Be certain to have the following properly integrated into your record:
include:email-od.com
DomainKeys Identified Mail (DKIM) Authorization
Each and every message that processes through the Captavi Platform is automatically signed with a DKIM signature that authenticates email-od.com as the point of origin for your messages. This allows every message processing on our platform to properly authenticate at the major service providers. No action is required for DKIM authentication to occur, however, you have the option to customize DKIM signing with your own domain.
If you choose to utilize your own domain you'll need to create a CNAME entry at the DNS level. The CNAME entry for "example.com" would be as follows:
dkim._domainkey.example.com CNAME IN dkim._domainkey.email-od.comOnce you have this completed, you'll need to notify a member of our team via the support ticketing system. That team member will run our internal validation tools on the record to authorize our email domain to utilize your domain name when sending your emails to your customers.
DMARC Policy
Domain-based Message Authentication, Reporting, and Conformance for short DMARC is the pinnacle of security and authentication. It involves another layer of rigor for establishing this level of compliance. Adding a valid SPF record to your domain that includes the Captavi platform (email-od.com) is a best practice. It is not enough to achieve a passing SPF result for DMARC. DMARC at the "relaxed" level requires that the organizational domain used in both of the two "From" addresses are matching. For example, the from address in the email marketing tool is [ @example.com ], then your reply address also needs to use an email address like [ @example.com ] or a subdomain such as [ @bounces.example.com ].
To help Captavi customers achieve passing SPF records that meet DMARC requirements we offer a feature called Custom Bounce Domains. This allows you to white-label the domain portion of the VERP address used in message delivery. If you would like to pursue DMARC Policy compliance please submit a ticket to the Captavi Support team for assistance.