Authenticating Email
If you want the transactional emails we send to come from an email address of your choice, you will need to:
- Reach out to us so that we can configure your desired email address for those email types.
- Configure, or have your IT department configure, the following policies to improve email delivery rates. All of the following are TXT records. The domain is written as example.com (e.g. the domain you would use for an email address such as [email protected]).
- Check your implementation, for example, using the Global security alliance checker.
SPF (Sender Policy Framework)
- Overview: SPF is an email authentication method that allows the recipient's mail server to verify that the incoming email is sent from an authorized server.
- How it works: SPF uses DNS records to specify which servers are authorized to send emails on behalf of a domain.
- Implementation steps:
- Create an SPF record in the DNS settings of your domain.
- Specify the name as example.com
- Type is TXT
- The value is
v=spf1 include:spf.protection.outlook.com include:_spf.google.com include:u826348.wl.sendgrid.net include:spf.mandrillapp.com ~all
DKIM (DomainKeys Identified Mail)
- Overview: DKIM is an email authentication method that adds a digital signature to the email headers, allowing the recipient's mail server to verify the integrity and authenticity of the message.
- How it works: DKIM uses public-key cryptography to sign outgoing emails and includes the signature in the email headers.
- Implementation steps:
- Create a DKIM record in the DNS settings of your domain.
- The name starts with a selector: a simple, user-defined text string that helps identify the DKIM public key (e.g. "standard"). The selector is placed in front of "._domainkey." and your domain name. Example: "standard._domainkey.example.com" = host name
- Type is TXT
- Value is
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDwcPZIpAb94R7CtPubeS7oidCu+jGFfU4XMhWrCS2Y/0+Bo6FwRLE3Jf9VVxHHo1bi5ZflsiZ90RKOFbPiQ6kKthYWV6l7+raYEqYyND3wsb7uZj3HS6mnvl6zIyUEgfVgMJSH+hhLqho9pTyzeZVEgCcxbEj0WhghSsc9lgFddQIDAQAB;
DMARC (Domain-based Message Authentication, Reporting, and Conformance)
- Overview: DMARC is an email authentication protocol that builds upon SPF and DKIM to provide additional protection against email spoofing and phishing attacks. Once SPF and DKIM are set up correctly, we can add monitoring of messages failing these policies. For starters, you should set the policy to none to avoid messages being rejected if something is wrong. After some time with no issue, set the policy to reject.
- How it works: DMARC allows domain owners to specify how email receivers should handle emails that fail SPF or DKIM checks.
- Implementation steps:
- Publish a DMARC policy in the DNS settings of your domain.
- The name is something similar to "_dmarc.example.com."
- Starting value should be
v=DMARC1; p=none; fo=1; rua=mailto:[email protected],mailto:[email protected]; aspf=r;
- Specify the desired actions to be taken when an email fails SPF or DKIM checks (e.g., quarantine, reject, or none, as in the example).
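The following is an added example, not code from this page's author: a small offline linter for the SPF, DKIM and DMARC TXT values described above, to run before publishing them or alongside an online checker. The function names and the sample DKIM value are constructed for illustration; it checks syntax only and makes no DNS queries, so lookups inside included SPF records are not counted.

```python
import base64
import re

LOOKUP_TERMS = {"include", "a", "mx", "exists", "ptr", "redirect"}  # cost a DNS lookup
DOUBLED_DKIM = "v=DKIM1; k=rsa; p=QUJD;v=DKIM1; k=rsa; p=QUJD;"  # constructed: pasted twice

def parse_tags(value):
    """Parse a DKIM/DMARC 'tag=value;' list; also return tags that appear twice."""
    tags, dupes = {}, []
    for part in filter(None, (p.strip() for p in value.split(";"))):
        name, _, val = (s.strip() for s in part.partition("="))
        if name in tags:
            dupes.append(name)
        tags[name] = val
    return tags, dupes

def lint_spf(value):
    terms, issues = value.split(), []
    if not terms or terms[0].lower() != "v=spf1":
        issues.append("must start with v=spf1")
    # Strip the qualifier (+ - ~ ?) and any argument to get the bare term name.
    names = [re.split(r"[:/=]", t.lstrip("+-~?"))[0].lower() for t in terms[1:]]
    if "all" not in names and "redirect" not in names:
        issues.append("no all mechanism or redirect modifier")
    if sum(n in LOOKUP_TERMS for n in names) > 10:
        issues.append("more than 10 DNS-lookup terms (RFC 7208 limit)")
    return issues

def lint_dkim(value):
    tags, dupes = parse_tags(value)
    issues = [f"duplicate tag {d}" for d in dupes]
    try:
        if not base64.b64decode(tags.get("p", ""), validate=True):
            issues.append("p is empty")
    except ValueError:  # binascii.Error is a subclass of ValueError
        issues.append("p is not valid base64")
    return issues

def lint_dmarc(value):
    tags, dupes = parse_tags(value)
    issues = [f"duplicate tag {d}" for d in dupes]
    if not re.match(r"v\s*=\s*DMARC1\s*(;|$)", value.strip()):
        issues.append("must start with v=DMARC1")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        issues.append("p must be none, quarantine or reject")
    elif tags["p"] == "none":
        issues.append("p=none only monitors; failing mail is still delivered")
    if "rua" not in tags:
        issues.append("no rua address for aggregate reports")
    return issues
```

An empty list means no finding; `lint_dkim(DOUBLED_DKIM)` reports the duplicated `v`, `k` and `p` tags.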
BIMI (Brand Indicators for Message Identification)
- Overview: BIMI is used to display an icon in the email for the users. It might also require paying for a certificate, since some email providers will not show the icon without one. If you want BIMI configured, contact us if you need us to host the image, or host it yourself.
- Implementation steps:
- Host the image you want to use (contact us or host it yourself)
- Create a DNS TXT record
- Value would be something like
v=BIMI1; l=https://marketplace.develop.bam.fan/bam/bimi-logo.svg; a=;
Replace our link with the link to your logo.
Additional info
MX records
bam-fan.mail.protection.outlook.com.
NS Records
dax.ns.cloudflare.com.
maisie.ns.cloudflare.com.