The purpose of this document is to outline the steps needed to update your domain’s Domain Name System (DNS) settings. These updates are done to verify your sender domain so that recipient email servers know it is your organization. AssociationSphere is “authorized” to send emails on behalf of your organization once your domain has been verified.
This improves email deliverability but does not guarantee 100% delivery to a recipient’s Inbox. The recipient’s email provider controls the final delivery. Email recipients may have the ability to mark emails as Not Spam, or Trust Sender, or add your organization’s email address to their contacts, which may also improve reaching their Inbox.
We recommend contacting the support team at [email protected] to assist you with this process.
What is a "Verified Sender Domain"?
A verified sender domain is a domain that has given AssociationSphere permission to send email from your domain. This means that the emails are being sent by AssociationSphere servers, but the emails are using your domain as the "From" address.
Why is it a good idea to verify your sending domain?
Recipient ISPs need to verify that the domain has given permission for AssociationSphere servers to use it. They can verify this by looking up certain records in your domain's DNS.
Where do I start, where do I go to fill in the correct form for this? What will I see?
First you will go to where your domain is hosted (e.g., GoDaddy, Dreamhost, HostGator etc.), there will be an option there to adjust your DNS settings. You will see several fields of information to fill. The most common are SPF, DKIM.
TXT, SPF, DKIM, CNAME, and DMARC Acronyms
What are TXT Records?
TXT records are a type of DNS record in text format, which contain information about your domain. TXT records also have information that helps external network servers and services handle outgoing email from your domain. The text file can be read back by the computer that needs it. TXT records are used to mark up the different types of information stored in DNS.
What are SPF Records?
SPF stands for "Sender Policy Framework". An SPF record is in place to identify which mail servers are authorized to send mail for a given domain. It is used to prevent spammers from sending mail with fraudulent From addresses at that domain.
What are DKIM records?
DKIM stands for "DomainKeys Identified Mail". They allow receiving servers to confirm that mail coming from a domain is authorized by the domain's administrators.
What are CNAME records?
A Canonical Name or CNAME record is a type of DNS record that maps an alias name to a true or canonical domain name. CNAME records are typically used to map a subdomain such as www or mail to the domain hosting that subdomain's content.
What are DMARC records?
A DMARC policy allows a sender to indicate that their emails are signed by SPF and DKIM, and tells a receiver what to do if neither of those authentication methods passes – such as junk or bounce the email. DMARC removes guesswork from the receiver’s handling of these failed emails, limiting or eliminating the user’s exposure to potentially fraudulent & harmful emails. DMARC also provides a way for the email receiver to report back to the sender about emails that pass and/or fail DMARC evaluation.
DMARC policy on your domain(s) will affect all of your email sending from that domain (not just the mail you are sending through AssociationSphere) so you need to ensure you are using SPF and DKIM for all your email delivery
Steps for Verification
Below is a quick outline of the steps required for verification. The support team is available to assist you in this process. Please contact [email protected] for more information and when you have completed all the steps to ensure the verification is finished on our end.
TXT
a) If a TXT record exists for the SPF, it is edited. Otherwise, a new TXT for the SPF is added.
b) A new TXT record is added for the DKIM.
c) A new CNAME record is added for the tracking.
d) Optionally, the DMARC is edited/added, but not required.
SPF
a) If the domain DNS has an existing SPF record, then add “ include:cvdel.com ”.
For example, your domain DNS already has a TXT record setup for the SPF record and it looks something like:
v=spf1 a mx include:_spf.google.com ~all
The final example record would look like this:
v=spf1 a mx include:_spf.google.com include:cvdel.com ~all
b) The domain DNS does not have an SPF record (please see NOTE a below), then in your domain DNS settings create a TXT record*.
c*DNS settings should only have one (1) TXT record for the SPF.
Create a TXT record.
Enter:
Host/Name: enter @ symbol, or use yourdomain.com, or leave blank if the field already points to yourdomain.com.
Record Type: TXT (if needed)
Value: v=spf1 a mx include:cvdel.com ~all
Notes for SPF:
If your domain does not have an existing SPF record you may need to “include:” other email service providers (ESP) which you are using. Please check with the ESPs to see if that is required.
There is NO SPACE between include: and cvdel.com.
The SPF record specification limits the number of DNS lookups to 10.
If you exceed this limit, you will fail an SPF check (https://dmarcian.com/spf-survey/).
One way to reduce the number of DNS lookups is to replace include:cvdel.com with include:_spf.elasticemail.com.
The final example record would look like this:
v=spf1 a mx include:_spf.elasticemail.com ~all
DKIM
- Create a TXT record.
- Enter:
Host/Name: api._domainkey
Record Type: TXT (if needed)
Value: k=rsa;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCbmGbQMzYeMvxwtNQoXN0waGYaciuKx8mtMh5czguT4EZlJXuCt6V+l56mmt3t68FEX5JJ0q4ijG71BGoFRkl87uJi7LrQt1ZZmZCvrEII0YO4mp8sDLXC8g1aUAoi8TJgxq2MJqCaMyj5kAm3Fdy2tzftPCV/lbdiJqmBnWKjtwIDAQAB
- Copy/Paste version below. This is one long text string; NO spaces should be included.
k=rsa;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCbmGbQMzYeMvxwtNQoXN0waGYaciuKx8mtMh5czguT4EZlJXuCt6V+l56mmt3t68FEX5JJ0q4ijG71BGoFRkl87uJi7LrQt1ZZmZCvrEII0YO4mp8sDLXC8g1aUAoi8TJgxq2MJqCaMyj5kAm3Fdy2tzftPCV/lbdiJqmBnWKjtwIDAQAB
- Characters for the DKIM Value are shown in Courier New font.
Lowercase L (el) = l
Uppercase I (eye) = I
Numeric 1 (one) = 1
Uppercase O (oh) = O
Numeric 0 (zero) = 0
Notes for DKIM:
Verify that NO SPACES are included in the Value after it is copied and pasted into the DNS. Place your cursor in the Value field and scroll through it to check for and remove any spaces.
DNS settings can have as many DKIM records as needed.
Tracking with CNAME
- Create a CNAME record.
- Enter:
Host/Name: tracking
Record Type: CNAME (if needed)
Value: tracking.cvdel.com
DMARC
More information on the DMARC record can be found online to understand its use and impact, but here is an overview:
Report(s) are emailed to the rua= and ruf= mailto addresses entered. The ruf parameter can be skipped.
RUA is reporting that provides an aggregate view of all of a domain’s traffic. The other option is RUF reports that are redacted forensic copies of the individual emails that are not 100% compliant with DMARC. While RUA reports show the traffic of the email, RUF reports contain snippets from the actual emails themselves. While RUA reporting is all that is needed for DMARC deployment, more advanced users may also add the RUF tag, which will send more sensitive information.
- Create a TXT record.
Enter:
Host/Name: _dmarc
Record Type: TXT (if needed)
Value: v=DMARC1; p=none; or quarantine; or reject;(1) pct=100; rua=mailto:[email protected]; ruf=mailto:[email protected]
Notes on DMARC:
(1) Select one of the p= options. For example, p=none;, p=quarantine;, or p=reject;.
If unfamiliar with the DMARC record, the p=none option can be used when setting up the record.
One example is,
v=DMARC1;p=none;pct=100;rua=mailto:[email protected];