Skip to main content

Domain Validation, SPF Records and Whitelisting (inc DKIM & DMARC)

Integrations
Updated

Validating Domains

If you are using your own email domain through Amazon AWS (options 1 and 4), validation of the domain is required by adding a DNS TXT entry. Please see Setting up Email Methods for further details.

SPF Records

Eploy send emails that appear to come from your domain. This is called spoofing. You can add a Sender Policy Framework (SPF) record to your domain host to help your recipients know where emails from your domain should be coming from and that they aren't spam.

How SPF Records Work

  • Sender (Eploy) sends an email to Receiver.
  • Receiver’s inbound e-mail server receives e-mail and calls its Sender ID Framework.
  • Receiver’s inbound e-mail server receives e-mail and calls its Sender ID Framework.
  • The Sender ID Framework looks up the SPF record of the domain that Sender is using for sending the mail
  • The receiving Mail Transfer Agent (MTA) determines if the outbound Mail Server IP address matches those that are authorised to send mail for the user.

If you are sending emails through Amazon AWS, you will need to ADD a new SPF record. Please see Setting up Email Methods for further details.

 

 

Whitelisting Mail Servers

Whitelisting is specifically allowing emails from a certain source, such as Eploy, to be allowed into your recipient’s mailbox. Adding such trusted email addresses to your whitelist means they can pass easily through spam filters or junk folders across different mail clients and internet security platforms. The main reason this can be needed is because we send emails from your domain and your internal servers know this email has not originated from within your organisation and therefore could get blocked. Depending on which email method you have chosen, you may or may not need to do this. Please see Setting up Email Methods for further details.

MX Records

Mail Exchange (MX) records are DNS records that are necessary for delivering email to email addresses. In simple terms, an MX record is used to tell the world which mail servers accept incoming mail for your domain and where emails sent to your domain should be routed to.

The MX record should be added to an eploymail Host (Domain) – it should not be added to your main domain. Please see Setting up Email Methods for further details.

This is only required if you are sending through Amazon AWS through one of your own domains (options 1 and 4). Please see Setting up Email Methods for further details.

Sending over SSL/TLS

Emails that are sent and received are generally not encrypted. This means that if they are intercepted by hackers, then the contents of the email can be easily accessed. Connecting to mail servers with Secure Socket Layer (SSL) and its successor Transport Layer Security (TLS) means you are encrypting when you connect. All Eploy’s options (1, 3 and 4) offer this as standard. If you opt for an SMTP relay, this will depend on your own internal mail server setup/policies. The connection from our servers to yours can also be encrypted.

DKIM

Domain Keys Identified Mail (DKIM) is an email authentication technique that allows the receiver to check that an email was indeed sent and authorised by the owner of that domain. This is done by giving the email a digital signature. The DKIM signature is a header that is added to the message and is secured with encryption. DKIM signatures are not visible to end users and the validation is done on a server level.

DMARC

Domain-based Message Authentication Reporting and Conformance (DMARC) is an email validation system designed to protect your company’s email domain from being used for email spoofing, phishing scams and other cybercrimes.

DMARC leverages the existing email authentication techniques SPF (Sender Policy Framework) DKIM (Domain Keys Identified Mail). As the domain owner, when you publish a DMARC record into your DNS record, you will gain insight in who is sending email on your behalf (i.e. Eploy via Amazon AWS). This information can be used to get detailed information about the email channel. With this information, a domain owner can get control over the email sent on his behalf. You can use DMARC to protect your domains against abuse in phishing or spoofing attacks.

Related articles

Comments

0 comments

Article is closed for comments.